Jetty Hash Collision Denial Of Service Vulnerability
BID:51199
Info
| Field | Value |
|---|---|
| Bugtraq ID: | 51199 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2011-4461 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 29 2011 12:00AM |
| Updated: | Jul 06 2016 02:30PM |
| Credit: | Alexander Klink, n.runs AG and Julian Wälde, Technische Universität Darmstadt |
| Vulnerable: | Ubuntu Linux 11.04 (powerpc, i386, ARM, amd64); Ubuntu Linux 10.04 (sparc, powerpc, i386, ARM, amd64); Jetty 7.0, 7.0.0.M2, 6.1.17, 6.1.16, 6.1.7, 6.1.6, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0pre3, 6.1.0pre2, 6.0.2, 6.0.1 |
| Not Vulnerable: | |
Discussion
Jetty is prone to a denial-of-service vulnerability that stems from hash collisions when it handles form parameters.
An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.
Exploit / POC
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Jetty Homepage (Jetty)
- n.runs-SA-2011.004 28-Dec-2011 (n.runs AG)
- Security Bulletin: Denial of service in IBM InfoSphere Data Replication Dashboa (IBM)
- #2011-003 multiple implementations denial-of-service via hash algorithm collisio (oCERT)
- cpuapr2016: Oracle Critical Patch Update Advisory - April 2016 (Oracle)
- HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial (HP)
- Moderate: Fuse ESB Enterprise 7.1.0 update (Red Hat)
- Moderate: Fuse Management Console 7.1.0 update (Red Hat)
- Oracle Critical Patch Update Advisory - January 2015 Oracle Advisory (Oracle)
- Security Bulletin swg21612331 : Unspecified Vulnerabilities in Rational Synergy (IBM)
- Security Bulletin swg21612332 : Potential Denial of Service (DoS) security vulne (IBM)
- Security Bulletin swg21612333 : Security Bulletin: Open Redirect and Cross-Site (IBM)
- Security Bulletin: Potential Denial of Service (DoS) security vulnerability in I (IBM)
- Security Bulletin: Potential security exposure when using InfoSphere BigInsights (IBM)
- Vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gatew (IBM)