CVE-2007-3698 - The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 U

CVE-2007-3698

Summary

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

References

Vulnerable Configurations

cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

oval via4

accepted

2010-09-06T04:04:45.610-04:00

class

vulnerability

contributors

name	Aharon Chernin
organization	SCAP.com, LLC

description

family

unix

oval:org.mitre.oval:def:10634

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2007:0818
rhsa
id RHSA-2007:0956
rhsa
id RHSA-2007:1086
rhsa
id RHSA-2008:0100
rhsa
id RHSA-2008:0132

rpms

java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4
java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4
java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4
java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4
java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4
java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4
java-1.5.0-bea-0:1.5.0.11-1jpp.1.el5
java-1.5.0-bea-demo-0:1.5.0.11-1jpp.1.el5
java-1.5.0-bea-devel-0:1.5.0.11-1jpp.1.el5
java-1.5.0-bea-jdbc-0:1.5.0.11-1jpp.1.el5
java-1.5.0-bea-missioncontrol-0:1.5.0.11-1jpp.1.el5
java-1.5.0-bea-src-0:1.5.0.11-1jpp.1.el5
java-1.4.2-bea-0:1.4.2.15-1jpp.2.el4
java-1.4.2-bea-devel-0:1.4.2.15-1jpp.2.el4
java-1.4.2-bea-jdbc-0:1.4.2.15-1jpp.2.el4
java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3
java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5
java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5
java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3
java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5
java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3
java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5
java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5
java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el5
java-1.4.2-ibm-demo-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-demo-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-demo-0:1.4.2.10-1jpp.2.el5
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el5
java-1.4.2-ibm-javacomm-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-javacomm-0:1.4.2.10-1jpp.2.el5
java-1.4.2-ibm-jdbc-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-jdbc-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-jdbc-0:1.4.2.10-1jpp.2.el5
java-1.4.2-ibm-plugin-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-plugin-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-plugin-0:1.4.2.10-1jpp.2.el5
java-1.4.2-ibm-src-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-src-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-src-0:1.4.2.10-1jpp.2.el5

refmap via4

apple	APPLE-SA-2007-12-14
bea	BEA07-178.00
bid	24846
cisco	20070725 Vulnerability in Java Secure Socket Extension
confirm	http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml
gentoo	GLSA-200709-15
hp	HPSBMA02288 SSRT071465
misc	http://docs.info.apple.com/article.html?artnum=307177
osvdb	36663
sectrack	1018357
secunia	26015 26221 26314 26631 26645 26933 27203 27635 27716 28056 28115 28777 28880 29340 29897
sunalert	102997
suse	SUSE-SA:2008:025
vupen	ADV-2007-2495 ADV-2007-2660 ADV-2007-3009 ADV-2007-3861 ADV-2007-4224
xf	sun-jsse-ssltls-dos(35333)

Last major update

30-10-2018 - 16:26

Published

11-07-2007 - 22:30

Last modified

30-10-2018 - 16:26