Hi, I guess this is the same vulnerability as [Tomcat] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4858 [Jetty] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4461
A global problem about predictable hash collision (applies for a lot of application servers) in Java and other languages. A presentation about this (with example for java). http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf Regards Hervé On 1/31/12, diwakar <[email protected]> wrote: > Hi, > > >> ServiceMix embeds some Specs provided by Geronimo > If it is only specs, can we ignore this particular security > vulnerability from Servicemix pov. > > With Best Regards, > Diwakar > > > -- > View this message in context: > http://servicemix.396122.n5.nabble.com/Servicemix-3-x-Geronimo-Dependency-CVE-2011-5034-tp5443711p5444514.html > Sent from the ServiceMix - User mailing list archive at Nabble.com. >
