PT-2009-6101 · Sun+3 · Java Se+3
Publicado
2009-11-05
·
Atualizado
2018-10-30
·
CVE-2009-3876
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Sun Java SE versions prior to JDK and JRE 5.0 Update 22
Sun Java SE versions prior to JDK and JRE 6 Update 17
Sun Java SE SDK and JRE 1.3.x versions prior to 1.3.1 27
Sun Java SE SDK and JRE 1.4.x versions prior to 1.4.2 24
Description
The issue allows remote attackers to cause a denial of service, specifically memory consumption, by providing crafted DER encoded data. This data is not properly decoded by the ASN.1 DER input stream parser.
Recommendations
For Sun Java SE versions prior to JDK and JRE 5.0 Update 22, update to JDK and JRE 5.0 Update 22 or later.
For Sun Java SE versions prior to JDK and JRE 6 Update 17, update to JDK and JRE 6 Update 17 or later.
For Sun Java SE SDK and JRE 1.3.x versions prior to 1.3.1 27, update to SDK and JRE 1.3.1 27 or later.
For Sun Java SE SDK and JRE 1.4.x versions prior to 1.4.2 24, update to SDK and JRE 1.4.2 24 or later.
Exploit
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hp-Ux
Java Platform
Java Se
Red Hat