PT-2007-4103 · Sun · Java Development Kit+1

Published: 2007-05-22 · Updated: 2019-08-01 · CVE-2007-2789

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Sun Java Development Kit (JDK) versions 1.3.1 through 1.5.0 10
Sun Java Runtime Environment (JRE) versions 1.3.1 through 1.5.0 10
Sun Java Development Kit (JDK) versions 1.6.x prior to 1.6.0 01-b06
Sun Java Runtime Environment (JRE) 6 versions prior to 1.6.0 01-b06

Description

The issue allows remote attackers to cause a denial of service, resulting in a JVM hang, via untrusted applets or applications that open arbitrary local files using a crafted BMP file. This can be achieved by accessing local files such as /dev/tty.

Recommendations

For Sun Java Development Kit (JDK) versions 1.3.1 through 1.5.0 10, update to version 1.5.0 11-b03 or later.
For Sun Java Runtime Environment (JRE) versions 1.3.1 through 1.5.0 10, update to version 1.5.0 11-b03 or later.
For Sun Java Development Kit (JDK) versions 1.6.x prior to 1.6.0 01-b06, update to version 1.6.0 01-b06 or later.
For Sun Java Runtime Environment (JRE) 6 versions prior to 1.6.0 01-b06, update to version 1.6.0 01-b06 or later.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2007-2789
RHSA-2007:0817
RHSA-2007:0829
RHSA-2007:0956
RHSA-2007:1086
RHSA-2008:0100
RHSA-2008:0261
RHSA-2008:0524

Affected Products

Java Development Kit
Sun Java Runtime Environment