Oracle Java SE MurmurHash3 algorithm conflict Denial of Service Vulnerability

Release date:
Updated on:

Affected Systems:
Oracle Java SE 7
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2012-5373

Oracle Java Runtime Environment (JRE) is a solution that provides a reliable Runtime Environment for JAVA applications.

The Murmur algorithm used in multiple Java implementations of Oracle Java SE 7 and earlier versions and OpenJDK 7 has the hash conflict vulnerability, remote attackers can construct data that generates hash conflicts to trick users with JAVA applications into accessing the data, resulting in DOS for the user's JAVA virtual machine.

<* Source: Jan Lieskovsky (jlieskov@RedHat.com)

Link: https://bugzilla.redhat.com/show_bug.cgi? Id = 880705
Http://web.nvd.nist.gov/view/vuln/detail? VulnId = CVE-2012-5373
Http://www.ocert.org/advisories/ocert-2012-001.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Oracle
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.oracle.com/technetwork/topics/security/