Oracle » JRE » 1.5.0 update_41 : Security Vulnerabilities, CVEs,
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Max CVSS
5.3
EPSS Score
0.31%
Published
2017-12-29
Updated
2018-01-17
Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.
Max CVSS
5.0
EPSS Score
0.31%
Published
2012-11-28
Updated
2017-08-29
2 vulnerabilities found