Release date:
Updated on:
Affected Systems:
Sun JDK 1.x
Sun JRE 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51236
Cve id: CVE-2011-4838
Java is an object-oriented programming language used to write cross-platform applications.
Java uses hash tables to map keys to their associated entries. When entries with different keys map to the same hash value, a hash collision occurs. If an attacker sends many requests containing colliding keys, the application spends excessive time on hash table lookups, resulting in a denial of service (DoS).
<* Source: Alexander Klink (a.klink@cynops.de)
Link: http://www.kb.cert.org/vuls/id/903934
*>
Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
Limiting the processing time of a single request can reduce the impact of malicious requests.
Limiting the size of POST requests can reduce the possibility of collisions.
Limit the number of parameters accepted in each request.
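
The size and parameter limits above can be enforced before the application builds its own parameter table. The following is an added example, not part of the original advisory and not vendor code; it also goes one step beyond the listed workarounds by rejecting bodies in which too many distinct keys share one String.hashCode() value. The class name ParamGuard, its limits and the sample bodies are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class ParamGuard {
    // Illustrative limits (assumptions, not vendor values); tune per application.
    static final int MAX_BODY_BYTES = 64 * 1024;
    static final int MAX_PARAMS = 100;
    static final int MAX_KEYS_PER_HASH = 2;

    /** Returns null when the body is acceptable, otherwise the rejection reason. */
    static String check(String body) {
        if (body.getBytes(StandardCharsets.UTF_8).length > MAX_BODY_BYTES) {
            return "body too large";
        }
        if (body.isEmpty()) {
            return null;
        }
        String[] pairs = body.split("&");
        if (pairs.length > MAX_PARAMS) {
            return "too many parameters";
        }
        // Group distinct keys by String.hashCode(). At most MAX_PARAMS keys
        // reach this point, so this bookkeeping table stays small.
        Map<Integer, Set<String>> keysByHash = new HashMap<>();
        for (String pair : pairs) {
            String rawKey = pair.split("=", 2)[0];
            String key;
            try {
                key = URLDecoder.decode(rawKey, StandardCharsets.UTF_8); // Java 10+
            } catch (IllegalArgumentException e) {
                return "malformed percent-encoding";
            }
            Set<String> sameHash = keysByHash.computeIfAbsent(key.hashCode(), h -> new HashSet<>());
            sameHash.add(key);
            if (sameHash.size() > MAX_KEYS_PER_HASH) {
                return "too many keys share hash " + key.hashCode();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample bodies, not captured traffic.
        System.out.println(check("user=alice&page=2&sort=name"));
        System.out.println(check("AaAa=1&AaBB=2&BBAa=3"));
    }
}
```

The check must run on the raw request body before any framework parses it into a hash table, for example in a filter placed in front of the application.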
Vendor patch:
Sun
---
Currently, the vendor has not provided a patch or upgrade. Users of the software should check the vendor's homepage for the latest version:
http://sunsolve.sun.com/security