CVE-2007-3698

Severity

78%

Complexity

99%

Confidentiality

115%

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Sun

First reported 17 years ago

2007-07-11 22:30:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

Sun JDK 6 Update 1

1.6.0

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun SDK 1.4.2_13

1.4.2_13

Sun SDK 1.4.2_14

1.4.2_14

References

BEA07-178.00

http://docs.info.apple.com/article.html?artnum=307177

SSRT071465

APPLE-SA-2007-12-14

SUSE-SA:2008:025

36663

26015

Vendor Advisory

26221

Vendor Advisory

26314

Vendor Advisory

26631

Vendor Advisory

26645

Vendor Advisory

26933

Vendor Advisory

27203

Vendor Advisory

27635

Vendor Advisory

27716

Vendor Advisory

28056

Vendor Advisory

28115

Vendor Advisory

28777

Vendor Advisory

28880

Vendor Advisory

29340

Vendor Advisory

29897

Vendor Advisory

102997

Patch, Vendor Advisory

http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

20070725 Vulnerability in Java Secure Socket Extension

Vendor Advisory

http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml

Vendor Advisory

GLSA-200709-15

RHSA-2007:0818

RHSA-2007:0956

RHSA-2007:1086

RHSA-2008:0100

Patch

RHSA-2008:0132

Patch

24846

Patch

1018357

ADV-2007-2495

Vendor Advisory

ADV-2007-2660

Vendor Advisory

ADV-2007-3009

Vendor Advisory

ADV-2007-3861

Vendor Advisory

ADV-2007-4224

Vendor Advisory

sun-jsse-ssltls-dos(35333)

oval:org.mitre.oval:def:10634

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.