PT-2009-6101 · Sun+3 · Java Se+3
Published
2009-11-05
·
Updated
2018-10-30
·
CVE-2009-3876
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Sun Java SE versions prior to JDK and JRE 5.0 Update 22
Sun Java SE versions prior to JDK and JRE 6 Update 17
Sun Java SE SDK and JRE 1.3.x versions prior to 1.3.1 27
Sun Java SE SDK and JRE 1.4.x versions prior to 1.4.2 24
Description
The issue allows remote attackers to cause a denial of service, specifically memory consumption, by providing crafted DER encoded data. This data is not properly decoded by the ASN.1 DER input stream parser.
Recommendations
For Sun Java SE versions prior to JDK and JRE 5.0 Update 22, update to JDK and JRE 5.0 Update 22 or later.
For Sun Java SE versions prior to JDK and JRE 6 Update 17, update to JDK and JRE 6 Update 17 or later.
For Sun Java SE SDK and JRE 1.3.x versions prior to 1.3.1 27, update to SDK and JRE 1.3.1 27 or later.
For Sun Java SE SDK and JRE 1.4.x versions prior to 1.4.2 24, update to SDK and JRE 1.4.2 24 or later.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hp-Ux
Java Platform
Java Se
Red Hat