CVE

Id
58616  
CVE No.
CVE-2012-5373  
Status
Candidate  
Description
Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.  
Phase
Assigned (20121010)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
600604 58616 CVE-2012-5373 MISC:http://2012.appsec-forum.ch/conferences/#c17  View
600605 58616 CVE-2012-5373 MISC:http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf  View
600606 58616 CVE-2012-5373 MISC:http://www.ocert.org/advisories/ocert-2012-001.html  View
600607 58616 CVE-2012-5373 MISC:https://www.131002.net/data/talks/appsec12_slides.pdf  View
600608 58616 CVE-2012-5373 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=880705  View
600609 58616 CVE-2012-5373 BID:56673  View
600610 58616 CVE-2012-5373 URL:http://www.securityfocus.com/bid/56673  View
600611 58616 CVE-2012-5373 XF:java-murmur-hash-dos(80299)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
29221 JVNDB-2012-004928 ActiveTcl のインストレーション機能における権限を取得される脆弱性 ActiveTcl のインストレーション機能には、検索パスに関する処理に不備があるため、C: ディレクトリのトップレベルにインストールを行う際、権限を取得される脆弱性が存在します。 CVE-2012-5378 58616 6 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004928.html  View