PT-2004-2411 · Oracle · Java Runtime Environment

Kurt Huwig · Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1503

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Java Runtime Environment (JRE) versions 1.4.2 through 1.5.0

Description

An integer overflow in InitialDirContext in the Java Runtime Environment allows remote attackers to cause a denial of service. A large number of DNS requests causes the xid variable to wrap around and become negative, which results in a Java exception and failed DNS requests.

Recommendations

For Java Runtime Environment versions 1.4.2 through 1.5.0, consider restricting the number of DNS requests so that the xid variable cannot wrap around and become negative, until a patch is available.

Related Identifiers

CVE-2004-1503

Affected Products

Java Runtime Environment