IBM Support

Potential security vulnerability due to Java HashTable implementation (CVE-2012-0193)

Flash (Alert)


A potential security exposure in the Java™ HashTable implementation can result in a denial of service (DoS).


A security exposure was found in all versions of WebSphere Application Server that have shipped with WebSphere Commerce. Specially crafted HTTP request parameters can cause a large number of HashTable collisions. With too many collisions, performance is significantly impaired, which can lead to a denial of service.


All customers should review the following WebSphere Application Server Flash (Alert) for the most up-to-date information:

Potential security vulnerability when using Web based applications on IBM WebSphere Application Server due to Java HashTable implementation vulnerability (PM53930)
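A defender-side check for the collision condition described in this alert, as an added example that is not part of IBM's bulletin or fix: it re-implements Java's String.hashCode() in Python and reports how many distinct parameter names in one request share a hash value, which is what forces them into the same bucket. The function names, thresholds and both sample query strings are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl


def java_string_hash(s: str) -> int:
    """Java String.hashCode(): h = 31*h + c over UTF-16 code units.

    Returned as an unsigned 32-bit value (Java itself returns a signed int).
    """
    data = s.encode("utf-16-be")
    h = 0
    for i in range(0, len(data), 2):
        h = (31 * h + ((data[i] << 8) | data[i + 1])) & 0xFFFFFFFF
    return h


def collision_report(query: str, max_params: int = 1000, max_same_hash: int = 3) -> dict:
    """Summarise one request's parameters. Both thresholds are illustrative
    assumptions, not values taken from the alert."""
    pairs = parse_qsl(query, keep_blank_values=True)
    names = {name for name, _ in pairs}  # a repeated name is one key, not a collision
    # Names with an identical hashCode share a bucket at every table size.
    groups = Counter(java_string_hash(n) for n in names)
    worst = max(groups.values(), default=0)
    return {
        "params": len(pairs),
        "distinct_names": len(names),
        "largest_same_hash_group": worst,
        "suspicious": len(pairs) > max_params or worst > max_same_hash,
    }


# Constructed sample inputs (not captured traffic).
BENIGN = "storeId=10001&catalogId=10051&langId=-1&productId=12345"
COLLIDING = "AaAa=1&AaBB=2&BBAa=3&BBBB=4"  # four names, one hashCode

if __name__ == "__main__":
    for label, query in (("benign", BENIGN), ("colliding", COLLIDING)):
        print(label, collision_report(query))
```

Run over access logs or captured form bodies, a request with an unusually large group of same-hash names, or an unusually large parameter count, is worth reviewing.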

Related information

A simplified Chinese translation is available

Cross reference information
Segment | Product | Component | Platform | Version | Edition
Commerce | WebSphere Commerce - Express | Security | i5/OS, Linux, Windows | 7.0, 6.0, 5.6.1, 5.6 | Express
Commerce | WebSphere Commerce Business Edition | Security | AIX, i5/OS, Linux, Solaris, Windows, OS/390 | 5.6.1, 5.6 | Business Edition
Commerce | WebSphere Commerce Professional | Security | AIX, i5/OS, Linux, Solaris, Windows | 7.0, 6.0, 5.6.1, 5.6 | Professional Edition

Document information

More support for: WebSphere Commerce Enterprise

Software version: 6.0, 7.0

Operating system(s): AIX, IBM i, Linux, Solaris, Windows

Software edition: Enterprise

Reference #: 1578592

Modified date: 18 February 2015
