PT-2013-2335 · Oracle+4 · Java SE+6

Published 2013-02-01 · Updated 2024-06-15 · CVE-2013-0440

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Java SE versions prior to 7 Update 11
Java SE versions 6 through Update 38
Java SE versions 5.0 through Update 38
Java SE version 1.4.2 40 and earlier
OpenJDK 7

Description

The issue affects the Java Runtime Environment component, allowing remote attackers to impact availability through vectors related to JSSE. It is reportedly related to CPU consumption in the SSL/TLS implementation, specifically via a large number of ClientHello packets that are not properly handled by functions such as ClientHandshaker.java and ServerHandshaker.java.

Recommendations

For Java SE versions prior to 7 Update 11, update to a version later than Update 11.
For Java SE versions 6 through Update 38, update to a version later than Update 38.
For Java SE versions 5.0 through Update 38, update to a version later than Update 38.
For Java SE version 1.4.2 40 and earlier, update to a version later than 1.4.2 40.
For OpenJDK 7, consider disabling the ClientHandshaker.java and ServerHandshaker.java functions as a temporary workaround until a patch is available.


Related Identifiers

CESA-2013_0245
CESA-2013_0247
CVE-2013-0440
HPSBUX02857
HPSBUX02864
OPENSUSE-SU-2013_0308-1
OPENSUSE-SU-2013_0312-1
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0236
RHSA-2013:0237
RHSA-2013:0245
RHSA-2013:0246
RHSA-2013:0247
RHSA-2013:0624
RHSA-2013:0625
RHSA-2013:0626
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0236
RHSA-2013_0237
RHSA-2013_0245
RHSA-2013_0246
RHSA-2013_0247
RHSA-2013_0624
RHSA-2013_0625
RHSA-2013_0626

Affected Products

CentOS
HP-UX
Java Platform
Java SE
OpenJDK
Red Hat
SUSE