Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home    |    View Topics    |    Search    |    Contact Us    |

SecurityTracker Archives

Sign Up Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary Instant Alerts Buy our Premium Vulnerability Notification Service to receive customized, instant alerts Affiliates Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free! Partners Become a Partner and License Our Database or Notification Service Report a Bug Report a vulnerability that you have found to SecurityTracker bugs @ securitytracker.com

Category:   Application (Generic)  >   Java Runtime Environment (JRE) Vendors:   Sun Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service SecurityTracker Alert ID:  1021309 SecurityTracker URL:  http://securitytracker.com/id/1021309 CVE Reference:   CVE-2008-5349   (Links to External Site) Updated:  Dec 5 2008 Original Entry Date:  Dec 4 2008 Impact:   Denial of service via network Fix Available:  Yes  Vendor Confirmed:  Yes   Version(s): JDK and JRE 6 Update 10 and prior; JDK and JRE 5.0 Update 16 and prior Description:   A vulnerability was reported in Sun Java Runtime Environment (JRE) in the processing of certain RSA public keys. A remote user can cause denial of service conditions. A remote user can send specially crafted RSA public keys to the target Java application to cause the target application to consume excessive CPU resources. Impact:   A remote user can cause the target application to consume excessive CPU resources. Solution:   The vendor has issued the following Java SE and Java SE for Business releases for Solaris, Windows and Linux: * JDK and JRE 6 Update 11 or later * JDK and JRE 5.0 Update 17 or later The vendor's advisory is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1 Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1 (Links to External Site) Cause:   Resource error Underlying OS:   Linux (Any), UNIX (Solaris - SunOS), Windows (Any) Message History:   This archive entry has one or more follow-up message(s) listed below. Dec 5 2008 (Red Hat Issues Fix) Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service   (bugzilla@redhat.com) Red Hat has released a fix for java-1.5.0-sun for Red Hat Enterprise Linux 4 and 5. Dec 5 2008 (Red Hat Issues Fix) Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service   (bugzilla@redhat.com) Red Hat has released a fix for java-1.6.0-sun for Red Hat Enterprise Linux 4 and 5. Jan 14 2009 (Red Hat Issues Fix) Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service   (bugzilla@redhat.com) Red Hat has released a fix for java-1.5.0-ibm for Red Hat Enterprise Linux 4 and 5. May 7 2009 (Red Hat Issues Fix) Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service   (bugzilla@redhat.com) Red Hat has released a fix for java-1.5.0-ibm for Red Hat Network Satellite Server. Jun 2 2009 (HP Issues Fix for HP-UX) Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service HP has issued a fix for HP-UX 11.11, 11.23, and 11.31. Oct 15 2009 (Red Hat Issues Fix) Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service   (bugzilla@redhat.com) Red Hat has released a fix for java-1.4.2-ibm for Red Hat Enterprise Linux Extras 3, 4, and 5. Nov 5 2009 (Red Hat Issues Fix) Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service   (bugzilla@redhat.com) Red Hat has issued a fix for java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5 for SAP.  Source Message Contents Date:  Thu, 4 Dec 2008 16:54:42 -0500 Subject:  http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1 Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us
Copyright 2012, SecurityGlobal.net LLC