Fluid Attacks Database

Description

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package
rpm rhel5	java-1.5.0-ibm
rpm rhel6	java-1.6.0-ibm
rpm rhel6	java-1.5.0-ibm
rpm rhel5	java-1.6.0-ibm
rpm rhel6	java-1.6.0-openjdk
rpm rhel6	java-1.6.0-sun
rpm rhel5	java-1.6.0-sun
rpm rhel5	java-1.6.0-openjdk

Aliases

1. CVE-2012-27392. NVD-2012-27393. OSV-2012-2739

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.