Is there a patch the hashmap denail of service vulnerability for JBoss EAP?

sairamnadh Jan 3, 2012 6:25 PM

I would like to know if there is a patch for the hash map DoS Vulnerability as Microsoft released a patch. How can we verify if our system is vulnarabile or not?

Related to the CVE-2011-4838

Tracking IDs: oCERT-2011-003

1. Re: Is there a patch the hashmap denail of service vulnerability for JBoss EAP?

jaikiran Jan 3, 2012 11:51 PM (in response to sairamnadh)

Since you are using JBoss EAP, you are entitled to the security and other patches. Please contact the support team via the supportal portal using your EAP account.
Actions
2. Re: Is there a patch the hashmap denail of service vulnerability for JBoss EAP?

kosmaj Jan 16, 2012 6:02 AM (in response to jaikiran)

Hi Jaikiran
Is the patch already available to EAP members?
What about non-EAP ppl?

Thanks.
Actions
3. Re: Is there a patch the hashmap denail of service vulnerability for JBoss EAP?

ozizka Jan 17, 2012 1:54 AM (in response to kosmaj)

IMO:
This needs to be primarily targetted in JDK.
Until then, all public-facing hashmap keys may be adjusted using a secret, e.g. adding a salt to a string...
Actions
4. Re: Is there a patch the hashmap denail of service vulnerability for JBoss EAP?

jaikiran Jan 17, 2012 1:58 AM (in response to kosmaj)

Predrag Minovic wrote:

Is the patch already available to EAP members?
You should check via the support portal (if you are a EAP customer). I don't usually keep track of the EAP patches, so I don't have a clue.
Actions

Go to original post