PT-2013-2335 · Oracle+4 · Java SE+6

Published: 2013-02-01 · Updated: 2024-06-15 · CVE-2013-0440

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Java SE versions prior to 7 Update 11
Java SE versions 6 through Update 38
Java SE versions 5.0 through Update 38
Java SE version 1.4.2 40 and earlier
OpenJDK 7

Description

The issue affects the Java Runtime Environment component and allows remote attackers to impact availability through vectors related to JSSE. It is reportedly related to CPU consumption in the SSL/TLS implementation: a large number of ClientHello packets is not properly handled by the handshake code in ClientHandshaker.java and ServerHandshaker.java.

Recommendations

For Java SE versions prior to 7 Update 11, update to a version later than Update 11.
For Java SE versions 6 through Update 38, update to a version later than Update 38.
For Java SE versions 5.0 through Update 38, update to a version later than Update 38.
For Java SE version 1.4.2 40 and earlier, update to a version later than 1.4.2 40.
For OpenJDK 7, consider disabling the ClientHandshaker.java and ServerHandshaker.java functions as a temporary workaround until a patch is available.


Related identifiers

CESA-2013_0245
CESA-2013_0247
CVE-2013-0440
HPSBUX02857
HPSBUX02864
OPENSUSE-SU-2013_0308-1
OPENSUSE-SU-2013_0312-1
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0236
RHSA-2013:0237
RHSA-2013:0245
RHSA-2013:0246
RHSA-2013:0247
RHSA-2013:0624
RHSA-2013:0625
RHSA-2013:0626
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0236
RHSA-2013_0237
RHSA-2013_0245
RHSA-2013_0246
RHSA-2013_0247
RHSA-2013_0624
RHSA-2013_0625
RHSA-2013_0626

Affected products

CentOS
HP-UX
Java Platform
Java SE
OpenJDK
Red Hat
SUSE