PT-2009-6102 · Oracle+3 · Jdk+6
Published 2009-11-05 · Updated 2018-10-30 · CVE-2009-3877
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Sun Java SE versions prior to 1.3.1_27
Sun Java SE versions prior to 1.4.2_24
JDK versions prior to 5.0 Update 22
JDK versions prior to 6 Update 17
JRE versions prior to 5.0 Update 22
JRE versions prior to 6 Update 17
SDK versions prior to 1.3.1_27
SDK versions prior to 1.4.2_24
Description
The issue allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers that the ASN.1 DER input stream parser does not properly parse.
Recommendations
For JDK versions prior to 5.0 Update 22, update to version 5.0 Update 22 or later.
For JDK versions prior to 6 Update 17, update to version 6 Update 17 or later.
For JRE versions prior to 5.0 Update 22, update to version 5.0 Update 22 or later.
For JRE versions prior to 6 Update 17, update to version 6 Update 17 or later.
For SDK versions prior to 1.3.1_27, update to version 1.3.1_27 or later.
For SDK versions prior to 1.4.2_24, update to version 1.4.2_24 or later.
As a temporary workaround, consider restricting access to the ASN.1 DER input stream parser until a patch is available.
Exploit · Fix · DoS
Affected Products
Hp-Ux
Jdk
Jre
Java Platform
Java Se
Red Hat
Sdk