=====================================================================
                                           CERT-Renater
                               Note d'Information No. 2012/VULN084
_____________________________________________________________________
DATE                : 16/02/2012
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S) : Systems running Oracle WebLogic Server,
                        Oracle iPlanet Web Server,
                        Oracle Containers for J2EE.
======================================================================
https://blogs.oracle.com/security/entry/security_alert_for_cve_20111
_______________________________________________________________________
Security Alert for CVE-2011-5035 Released
By Eric P. Maurice on Jan 31, 2012
Hello, this is Eric Maurice.
Oracle just released a Security Alert for CVE-2011-5035.  In recent weeks,
it was widely reported in the security community that a number of
programming language implementations and web servers were vulnerable to
hash table collision attacks.  US-CERT (United States Computer Emergency
Readiness Team) has posted a detailed explanation of this issue
(VU#903934) on its web site.
This vulnerability affects a significant number of products from Oracle
and other vendors.  It is particularly severe as it could allow a
malicious attacker to create a denial of service condition against the
targeted system through an easy unauthenticated attack over the Internet.Today’s Security Alert provides fixes to address this issue in Oracle
WebLogic Server, Oracle iPlanet Web Server, and Oracle Containers for
J2EE.  As usual, the availability of the fixes is noted in the Patch
Availability Documents listed in the Security Alert Advisory.  Note that
these fixes were not included in the  January 2012 Critical Patch Update,which however included the corresponding fix for Oracle GlassFish server.Due to the threat posed by this vulnerability, particularly because of its
ease of exploitation and the wide interest it has received in the hackingcommunity, Oracle strongly recommends that customers apply this Security
Alert as soon as possible.  Users of affected non-Oracle products should
contact their respective vendor as soon as possible to obtain the
appropriate fix.
For More Information:
The Advisory for Security Alert for CVE-2011-5035 is located at
http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html
======================================================================
=========================================================
Les serveurs de référence du CERT-Renater
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
--------------ms090008010306050808070809