Security Alert for CVE-2011-5035 Updated
Posted
by Eric P. Maurice
on Oracle Blogs
See other posts from Oracle Blogs
or by Eric P. Maurice
Published on Thu, 29 Mar 2012 14:54:43 -0500
Indexed on
2012/03/29
23:35 UTC
Read the original article
Hit count: 246
Hi, this is Eric Maurice again.
Oracle has just updated the Security Alert for CVE-2011-5035 to announce the availability of additional fixes for products that were affected by this vulnerability through their use of the WebLogic Server and Oracle Container for J2EE components. As explained in a previous blog entry, a number of programming language implementations and web servers were found vulnerable to hash table collision attacks. This vulnerability is typically remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, malicious attackers can use this vulnerability to create denial of service conditions against the targeted system.
A complete list of affected products and their versions, as well as instructions on how to obtain the fixes, are listed on the Security Alert Advisory. Oracle highly recommends that customers apply these fixes as soon as possible.
© Oracle Blogs or respective owner