Kurt Huwig

Researcher from iKu Systemhaus AG
#49363 of 53,633
5 Total CVSS
Vulnerabilities · 1
PT-2004-2411
5.0
2004-12-31
Oracle · Java Runtime Environment · CVE-2004-1503
**Name of the Vulnerable Software and Affected Versions**

Java Runtime Environment (JRE) versions 1.4.2 through 1.5.0

**Description**

The issue is related to an integer overflow in the InitialDirContext in Java Runtime Environment. This allows remote attackers to cause a denial of service, resulting in a Java exception and failed DNS requests. The attack is facilitated by a large number of DNS requests, which causes the `xid` variable to wrap around and become negative.

**Recommendations**

For Java Runtime Environment versions 1.4.2 through 1.5.0, consider restricting the number of DNS requests to prevent the `xid` variable from wrapping around and becoming negative, until a patch is available.