3 Replies Latest reply: Jan 23, 2012 6:18 AM by René van Wijk

    Does the predictable hash collisions vulnerability impact WebLogic Servers?

      The National Vulnerability Database published this Tomcat vulnerability:
      "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
      See more at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4858

      Are WebLogic servers impacted by this Java vulnerability? How do we manage this issue? What can we do?

      PS: I'm using WebLogic 10g in a production environment.
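
A defender-side check for the condition described in the CVE text quoted above, as an added example that is not part of the original post and is not Tomcat or WebLogic code: it recomputes Java's `String.hashCode()` for each form parameter name and flags a request body whose distinct names pile onto one hash value or whose parameter count is excessive. The function names, thresholds and sample bodies are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl


def java_string_hash(s: str) -> int:
    """Java's String.hashCode(): h = 31*h + unit over UTF-16 code units, signed 32-bit."""
    data = s.encode("utf-16-be", "surrogatepass")
    h = 0
    for i in range(0, len(data), 2):
        h = (31 * h + ((data[i] << 8) | data[i + 1])) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


def inspect_form_body(body: str, max_params: int = 1000, max_same_hash: int = 8) -> dict:
    """Flag a urlencoded body with too many parameters, or with too many
    distinct names sharing one hashCode. Thresholds are illustrative assumptions."""
    pairs = parse_qsl(body, keep_blank_values=True)
    # Repeats of one name are normal (multi-valued fields); only distinct names count.
    names = {name for name, _ in pairs}
    # Names with an identical hashCode always land in the same hash-table bucket.
    buckets = Counter(java_string_hash(n) for n in names)
    worst = max(buckets.values(), default=0)
    return {
        "params": len(pairs),
        "worst_same_hash": worst,
        "suspicious": len(pairs) > max_params or worst > max_same_hash,
    }


# Constructed sample bodies (not taken from real traffic).
SAMPLE_NORMAL = "user=alice&page=2&sort=asc&tag=a&tag=b"
SAMPLE_COLLIDING = "AaAa=1&AaBB=1&BBAa=1&BBBB=1"  # "Aa" and "BB" both hash to 2112

if __name__ == "__main__":
    for body in (SAMPLE_NORMAL, SAMPLE_COLLIDING):
        print(body, inspect_form_body(body, max_same_hash=3))
```

The check only sees names with an identical `hashCode`; names with different hash codes can still share a bucket after the table reduces the hash to an index, so the parameter-count limit remains the broader control.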