Launchpad CVE tracker

CVE 2011-4461

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Related bugs and status

CVE-2011-4461 (Candidate) is related to these bugs:

Bug #656374: Can't set java.library.path in /etc/default/jetty

Summary				In	Importance	Status
	656374	Can't set java.library.path in /etc/default/jetty		jetty (Ubuntu)	Undecided	Fix Released
	656374	Can't set java.library.path in /etc/default/jetty		jetty (Debian)	Unknown	Fix Released

Bug #878527: requires javac, but installs a JRE, not JDK

		In	Importance	Status
878527	requires javac, but installs a JRE, not JDK	solr (Ubuntu)	Low	Confirmed
878527	requires javac, but installs a JRE, not JDK	jetty (Ubuntu)	Low	Fix Released
878527	requires javac, but installs a JRE, not JDK	jetty (Debian)	Unknown	Fix Released

Bug #952384: Jetty 8 needs packaging

Summary				In	Importance	Status
	952384	Jetty 8 needs packaging		jetty (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-4461

References