Security Alert for CVE-2011-5035 Updated

Posted by Eric P. Maurice on Oracle Blogs See other posts from Oracle Blogs or by Eric P. Maurice
Published on Thu, 29 Mar 2012 14:54:43 -0500 Indexed on 2012/03/29 23:35 UTC
Read the original article Hit count: 247

Filed under:

Hi, this is Eric Maurice again. 

Oracle has just updated the Security Alert for CVE-2011-5035 to announce the availability of additional fixes for products that were affected by this vulnerability through their use of the WebLogic Server and Oracle Container for J2EE components.  As explained in a previous blog entry, a number of programming language implementations and web servers were found vulnerable to hash table collision attacks.  This vulnerability is typically remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password.  If successfully exploited, malicious attackers can use this vulnerability to create denial of service conditions against the targeted system.

A complete list of affected products and their versions, as well as instructions on how to obtain the fixes, are listed on the Security Alert Advisory.  Oracle highly recommends that customers apply these fixes as soon as possible.

© Oracle Blogs or respective owner