oss-sec mailing list archives
CVE request: java hashdos vulnerability
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 15 Jun 2012 23:13:49 +0200
Hi, Seems java is fixing HashDos finally: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html They don't mention hashdos, but the interesting part is here: "The enhanced hashing implementation uses the murmur3 hashing algorithm[1] along with random hash seeds and index masks" random hash seeds is what prevents hashdos. Further info here: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html Please assign CVE. cu, -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
Attachment:
signature.asc
Description:
Current thread:
- CVE request: java hashdos vulnerability Hanno Böck (Jun 15)
- Re: CVE request: java hashdos vulnerability Kurt Seifried (Jun 16)