// For flags

CVE-2011-5035

MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.

Oracle Glassfish 2.1.1, 3.0.1 y 3.1.1, tal como se utiliza en Communications Server 2.0, Sun Java System Application Server 8.1 y 8.2 y posiblemente otros productos, computa valores hash para parámetros de forma sin restringir la habilidad para desencadenar colisiones hash de manera predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de muchos parámetros manipulados, también conocido como Oracle security ticket S0104869.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-07-15 First Exploit
  • 2011-12-29 CVE Reserved
  • 2011-12-30 CVE Published
  • 2024-01-17 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (33)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
Glassfish Server
Search vendor "Oracle" for product "Glassfish Server"
<= 3.1.1
Search vendor "Oracle" for product "Glassfish Server" and version " <= 3.1.1"
-
Affected
Oracle
Search vendor "Oracle"
Glassfish Server
Search vendor "Oracle" for product "Glassfish Server"
2.1.1
Search vendor "Oracle" for product "Glassfish Server" and version "2.1.1"
-
Affected
Oracle
Search vendor "Oracle"
Glassfish Server
Search vendor "Oracle" for product "Glassfish Server"
3.0.1
Search vendor "Oracle" for product "Glassfish Server" and version "3.0.1"
-
Affected