More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision)

[Hanno Böck <hanno () hboeck de>]

Am Wed, 28 Dec 2011 19:07:30 +0100
schrieb Andrea Barisani <lcars () ocert org>:

> Affected version:
> Java, all versions
> JRuby <= 1.6.5
> PHP <= 5.3.8, <= 5.4.0RC3
> Python, all versions
> Rubinius, all versions
> Ruby <= 1.8.7-p356
>
> Apache Geronimo, all versions
> Apache Tomcat <= 5.5.34, <= 6.0.34, <= 7.0.22
> Oracle Glassfish <= 3.1.1
> Jetty, all versions
> Plone, all versions
> Rack, all versions
> V8 JavaScript Engine, all versions
>
> Fixed version:
> Java, N/A
> JRuby >= 1.6.5.1
> PHP >= 5.3.9, >= 5.4.0RC4
> Python, N/A
> Rubinius, N/A
> Ruby >= 1.8.7-p357, 1.9.x
>
> Apache Geronimo, N/A
> Apache Tomcat >= 5.5.35, >= 6.0.35, >= 7.0.23
> Oracle Glassfish, N/A (Oracle reports that the issue is fixed in the
> main codeline and scheduled for a future CPU) Jetty, N/A
> Plone, N/A
> Rack, N/A
> V8 JavaScript Engine, N/A
>
> Credit: vulnerability report and PoC code received from Alexander
> Klink <alexander.klink AT nruns.com> and Julian Waelde <jwaelde AT
> cdc.informatik.tu-darmstadt.de>.
>
> CVE: CVE-2011-4461 (Jetty), CVE-2011-4838 (JRuby), CVE-2011-4885
> (PHP), CVE-2011-4462 (Plone), CVE-2011-4815 (Ruby)

Kurt or other CVE assigners, can you please assign a bunch for python,
java, tomcat etc. pp.

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description: