CVE-2011-5035

MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.

Oracle Glassfish 2.1.1, 3.0.1 y 3.1.1, tal como se utiliza en Communications Server 2.0, Sun Java System Application Server 8.1 y 8.2 y posiblemente otros productos, computa valores hash para parámetros de forma sin restringir la habilidad para desencadenar colisiones hash de manera predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de muchos parámetros manipulados, también conocido como Oracle security ticket S0104869.

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-07-15 First Exploit
2011-12-29 CVE Reserved
2011-12-30 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (34)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html	Mailing List
http://secunia.com/advisories/48073	Third Party Advisory
http://secunia.com/advisories/48074	Third Party Advisory
http://secunia.com/advisories/48589	Third Party Advisory
http://secunia.com/advisories/48950	Third Party Advisory
http://secunia.com/advisories/57126	Third Party Advisory
http://www.kb.cert.org/vuls/id/903934	Third Party Advisory
http://www.nruns.com/_downloads/advisory28122011.pdf	X_refsource_misc
http://www.ocert.org/advisories/ocert-2011-003.html	X_refsource_misc
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html	X_refsource_confirm
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py	X_refsource_misc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16908	Signature
http://ocert.org/advisories/ocert-2011-003.html
https://web.archive.org/web/20120105151644/http://www.nruns.com/_downloads/advisory28122011.pdf
https://fahrplan.events.ccc.de/congress/2011/Fahrplan/events/4680.en.html
https://fahrplan.events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf
https://www.youtube.com/watch?v=R2Cq3CLI6H8

URL	Date	SRC
https://packetstorm.news/files/id/180523	2024-08-31
https://www.exploit-db.com/exploits/2012	2006-07-15

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html	2018-01-06
http://marc.info/?l=bugtraq&m=133364885411663&w=2	2018-01-06
http://marc.info/?l=bugtraq&m=133847939902305&w=2	2018-01-06
http://marc.info/?l=bugtraq&m=134254866602253&w=2	2018-01-06
http://marc.info/?l=bugtraq&m=134254957702612&w=2	2018-01-06
http://marc.info/?l=bugtraq&m=139344343412337&w=2	2018-01-06
http://rhn.redhat.com/errata/RHSA-2012-0514.html	2018-01-06
http://rhn.redhat.com/errata/RHSA-2013-1455.html	2018-01-06
http://security.gentoo.org/glsa/glsa-201406-32.xml	2018-01-06
http://www.debian.org/security/2012/dsa-2420	2018-01-06
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	2018-01-06
https://access.redhat.com/security/cve/CVE-2011-5035	2013-10-23
https://bugzilla.redhat.com/show_bug.cgi?id=771283	2013-10-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Glassfish Server Search vendor "Oracle" for product "Glassfish Server"				<= 3.1.1 Search vendor "Oracle" for product "Glassfish Server" and version " <= 3.1.1"		-		Affected
Oracle Search vendor "Oracle"		Glassfish Server Search vendor "Oracle" for product "Glassfish Server"				2.1.1 Search vendor "Oracle" for product "Glassfish Server" and version "2.1.1"		-		Affected
Oracle Search vendor "Oracle"		Glassfish Server Search vendor "Oracle" for product "Glassfish Server"				3.0.1 Search vendor "Oracle" for product "Glassfish Server" and version "3.0.1"		-		Affected