Vulnerability Details : CVE-2012-2739
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Vulnerability category: Denial of service
Products affected by CVE-2012-2739
- cpe:2.3:a:oracle:jdk:*:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:*:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:*
Threat overview for CVE-2012-2739
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2012-2739: 78
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-2739
- EPSS score: 0.27% (probability of exploitation activity in the next 30 days)
- Percentile: ~63% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2012-2739
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-2739
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2739
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.openwall.com/lists/oss-security/2012/06/15/12
  oss-security - CVE request: java hashdos vulnerability
- http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
  Java Security and Related Topics: Investigating the HashDoS issue (Exploit)
- https://bugzilla.redhat.com/show_bug.cgi?id=750533
  750533 – (CVE-2012-2739) CVE-2012-2739 java: hash table collisions CPU usage DoS (oCERT-2011-003)
- http://www.kb.cert.org/vuls/id/903934
  VU#903934 - Hash table implementations vulnerable to algorithmic complexity attacks (US Government Resource)
- http://www.ocert.org/advisories/ocert-2011-003.html
  oCERT archive
- http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
  Review Request CR#7118743 : Alternative Hashing for String with Hash-based Maps (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2012/06/17/1
  oss-security - Re: CVE request: java hashdos vulnerability