Oracle Java Runtime Environment (JRE) Lets Remote Users Decrypt SSL/TLS Traffic
|
|
SecurityTracker Alert ID: 1026216 |
|
SecurityTracker URL: http://securitytracker.com/id/1026216
|
|
CVE Reference:
CVE-2011-3389
(Links to External Site)
|
Date: Oct 19 2011
|
Impact:
Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): JDK and JRE 7; JDK and JRE 6 Update 27 and prior; JDK and JRE 5.0 Update 31 and prior; SDK and JRE 1.4.2_33 and prior
|
Description:
A vulnerability was reported in Java Runtime Environment (JRE). A remote user can decrypt SSL/TLS sessions in certain cases.
A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.
Thai Duong and Juliano Rizzo reported this vulnerability.
|
Impact:
A remote user with the ability to conduct a man-in-the-middle attack can decrypt SSL/TLS sessions.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 19 Oct 2011 01:08:51 +0000
Subject: Java Runtime Environment (JRE)
|
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
CVE-2011-3389
|
|
