(BEA Issues Fix for JRockit) Re: Java Secure Socket Extension (JSSE) SSL/TLS Handshake Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1018621 |
|
SecurityTracker URL: http://securitytracker.com/id/1018621
|
|
CVE Reference:
CVE-2007-3698
(Links to External Site)
|
Date: Aug 29 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Java Secure Socket Extension (JSSE). A remote user can cause denial of service conditions. BEA JRockit is affected.
JSSE does not properly process SSL/TLS handshake requests. A remote user can send a specially crafted request to cause the target system to crash.
Sun credits Cisco Systems with reporting this vulnerability.
|
Impact:
A remote user can cause the target system to crash.
|
Solution:
BEA has issued a fix for JRockit, which is affected by this Java vulnerability.
BEA products that use JRockit are also affected.
The BEA advisory is available at:
http://dev2dev.bea.com/pub/advisory/249
|
Cause:
Exception handling error
|
Underlying OS:
Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 29 Aug 2007 01:10:58 -0400
Subject: http://dev2dev.bea.com/pub/advisory/249
|
CVE-2007-3698
|
|
