PT-2007-4944 · Sun+1 · Jre+4
Published
2007-07-11
·
Updated
2018-10-30
·
CVE-2007-3698
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Sun JDK and JRE 6 versions Update 1 and earlier
Sun JDK and JRE 5.0 versions Updates 7 through 11
Sun SDK and JRE 1.4.2 versions 1.4.2 11 through 1.4.2 14
Description
The Java Secure Socket Extension (JSSE) in Sun JDK and JRE, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
Recommendations
For Sun JDK and JRE 6 Update 1 and earlier, update to a version later than Update 1.
For Sun JDK and JRE 5.0 Updates 7 through 11, update to a version later than Update 11.
For Sun SDK and JRE 1.4.2 11 through 1.4.2 14, update to a version later than 1.4.2 14.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jdk
Jre
Jsse
Java Platform
Sdk