Weekly Vulnerabilities Reports > December 26, 2011 to January 1, 2012

Overview

1 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary report vulnerabilities in 2 products from 2 vendors including Oracle, and Mortbay. Vulnerabilities are notably categorized as and "Cryptographic Issues".

  • 1 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

0 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-12-30 CVE-2011-4461 Oracle
Mortbay
Cryptographic Issues vulnerability in multiple products

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

5.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS