Java Hash Collision Denial Of Service Vulnerability
Publish Date: 21 July 2015
Severity: High
CVE Identifiers: CVE-2011-4838
Notification Date: 21 July 2015
Description
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Exposure Information:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1004888
Trend Micro Deep Security DPI Rule Name: 1004888 - Restrict Number Of Parameters In HTTP Request
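An application-level counterpart to the parameter-count restriction named in the rule above, as an added example (not Trend Micro's rule logic and not JRuby code): it counts request parameters before any key is inserted into a hash table. `MAX_PARAMS`, `count_params`, `safe_parse_params` and `ParamLimitExceeded` are hypothetical names, and the limit of 512 is an assumed value.

```ruby
require 'uri'

# Assumed threshold for this example; tune it to the largest legitimate form.
MAX_PARAMS = 512

ParamLimitExceeded = Class.new(StandardError)

# Count parameters by scanning for separators only. No key is hashed here,
# so the cost stays linear in the input size regardless of key contents.
# Both '&' and ';' are counted, which can over-count but never under-count.
def count_params(raw)
  return 0 if raw.nil? || raw.empty?
  raw.count('&;') + 1
end

# Parse the query string and form body into a Hash only after the combined
# parameter count has passed the limit check.
def safe_parse_params(query_string, form_body = nil, limit: MAX_PARAMS)
  total = count_params(query_string) + count_params(form_body)
  if total > limit
    raise ParamLimitExceeded, "#{total} parameters exceeds limit of #{limit}"
  end

  params = {}
  [query_string, form_body].each do |raw|
    next if raw.nil? || raw.empty?
    URI.decode_www_form(raw).each { |key, value| params[key] = value }
  end
  params
end

if __FILE__ == $0
  # Constructed sample requests, not captured traffic.
  puts safe_parse_params('user=alice&page=2', 'comment=hello').inspect
  oversized = (1..600).map { |i| "k#{i}=v" }.join('&')
  begin
    safe_parse_params(oversized)
  rescue ParamLimitExceeded => e
    puts "rejected: #{e.message}"
  end
end
```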
Affected software and version:
- jruby jruby 0.9.0
- jruby jruby 0.9.1
- jruby jruby 0.9.2
- jruby jruby 0.9.8
- jruby jruby 0.9.9
- jruby jruby 1.0
- jruby jruby 1.0.0
- jruby jruby 1.0.1
- jruby jruby 1.0.2
- jruby jruby 1.0.3
- jruby jruby 1.1
- jruby jruby 1.1.1
- jruby jruby 1.1.2
- jruby jruby 1.1.3
- jruby jruby 1.1.4
- jruby jruby 1.1.5
- jruby jruby 1.1.6
- jruby jruby 1.2.0
- jruby jruby 1.3.0
- jruby jruby 1.3.1
- jruby jruby 1.4.0
- jruby jruby 1.4.1
- jruby jruby 1.5.0
- jruby jruby 1.5.1
- jruby jruby 1.5.2
- jruby jruby 1.5.3
- jruby jruby 1.5.4
- jruby jruby 1.5.5
- jruby jruby 1.5.6
- jruby jruby 1.6.0
- jruby jruby 1.6.1
- jruby jruby 1.6.2
- jruby jruby 1.6.3
- jruby jruby 1.6.4
- jruby jruby 1.6.5