Search for vulnerabilities
| Vulnerability ID | VCID-gpa3-1mr2-8ue8 |
| Aliases |
CVE-2011-5035
|
| Summary | GlassFish: hash table collisions CPU usage DoS (oCERT-2011-003) |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 0.5 |
| Risk | 1.0 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.58626 | https://api.first.org/data/v1/epss?cve=CVE-2011-5035 |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5035.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2011-5035 | ||
| 771283 | https://bugzilla.redhat.com/show_bug.cgi?id=771283 | |
| GLSA-201401-30 | https://security.gentoo.org/glsa/201401-30 | |
| GLSA-201406-32 | https://security.gentoo.org/glsa/201406-32 | |
| RHSA-2012:0135 | https://access.redhat.com/errata/RHSA-2012:0135 | |
| RHSA-2012:0139 | https://access.redhat.com/errata/RHSA-2012:0139 | |
| RHSA-2012:0322 | https://access.redhat.com/errata/RHSA-2012:0322 | |
| RHSA-2012:0514 | https://access.redhat.com/errata/RHSA-2012:0514 | |
| RHSA-2013:1455 | https://access.redhat.com/errata/RHSA-2013:1455 |
| Data source | Metasploit |
|---|---|
| Description | This module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST parameters issued with a request into a hash table to consume hours of CPU with a single HTTP request. Currently, only the hash functions for PHP and Java are implemented. This module was tested with PHP + httpd, Tomcat, Glassfish and Geronimo. It also generates a random payload to bypass some IDS signatures. |
| Note | Stability: - crash-service-down SideEffects: [] Reliability: [] |
| Ransomware campaign use | Unknown |
| Source publication date | Dec. 28, 2011 |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/hashcollision_dos.rb |
| Data source | Exploit-DB |
|---|---|
| Date added | July 14, 2006 |
| Description | MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection |
| Ransomware campaign use | Known |
| Source publication date | July 15, 2006 |
| Exploit type | webapps |
| Platform | php |
| Source update date | Nov. 9, 2016 |
| Percentile | 0.98244 |
| EPSS Score | 0.58626 |
| Published At | June 4, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T18:26:37.146909+00:00 | RedHat Importer | Import | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5035.json | 38.6.0 |