Easy to Learn Java: Programming Articles, Examples and Tips

Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability


Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition

A vulnerability has been identified in Sun JDK, JRE and SDK, which could be exploited by attackers to bypass certain security restrictions or cause a denial of service. This issue is caused by an error in the Java Secure Socket Extension (JSSE) when processing certain SSL/TLS handshake requests, which could be exploited by attackers to create a denial of service on a vulnerable system that listens for SSL/TLS connections using JSSE for SSL/TLS support.

For example:

1) An error exists in the Java Secure Socket Extension (JSSE) when the JVM processes SSL/TLS handshake requests. It can be exploited to cause a Denial of Service (DoS) on an affected system which listens for SSL/TLS connections using JSSE for SSL/TLS support.

2) An error exists within the Java Runtime Environment Applet Class Loader, which can be exploited to establish network connections to certain services running on the local host by e.g. tricking a user into loading an untrusted applet from a remote system.

Resolution

This issue is addressed in the following releases (for Solaris, Linux, and Windows):

  • JDK and JRE 6 Update 2 or later
  • JDK and JRE 5.0 Update 12 and later
  • SDK and JRE 1.4.2_15 and later

Java SE 6 is available for download at the following links:

http://java.sun.com/javase/downloads/index.jsp

Java SE 6 Update 2 for Solaris is available in the following patches:

  • Java SE 6: update 2 (as delivered in patch 125136-02 or later)
  • Java SE 6: update 2 (as delivered in patch 125137-02 or later (64bit))
  • Java SE 6_x86: update 2 (as delivered in patch 125138-02 or later)
  • Java SE 6_x86: update 2 (as delivered in patch 125139-02 or later (64bit))

Java SE 5.0 is available for download at the following link:

http://java.sun.com/j2se/1.5.0/download.jsp

Java SE 5.0 Update 12 for Solaris is available in the following patches:

  • J2SE 5.0: update 12 (as delivered in patch 118666-12 or later)
  • J2SE 5.0: update 12 (as delivered in patch 118667-12 or later (64bit))
  • J2SE 5.0_x86: update 12 (as delivered in patch 118668-12 or later)
  • J2SE 5.0_x86: update 12 (as delivered in patch 118669-12 or later (64bit))

J2SE 1.4.2 is available for download at the following link:

http://java.sun.com/j2se/1.4.2/download.html

Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see:

http://java.com/en/download/help/uninstall_java.xml
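
To check a host inventory against the fixed releases listed under Resolution, the Python script below classifies legacy `java -version` strings. It is an added example, not part of the original advisory. The host names and sample lines are constructed, and release families the advisory does not list are reported as `unlisted` rather than guessed.

```python
import re

# Minimum fixed release per family, taken from the Resolution list above.
# Key: (major, minor) of the version string; value: (micro, update).
FIXED = {
    (1, 6): (0, 2),    # JDK and JRE 6 Update 2
    (1, 5): (0, 12),   # JDK and JRE 5.0 Update 12
    (1, 4): (2, 15),   # SDK and JRE 1.4.2_15
}

# Matches version strings such as 1.6.0_02, 1.5.0, 1.4.2_15-b02.
_VERSION = re.compile(r'\b(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_version(text):
    """Return (major, minor, micro, update), or None if no version is found."""
    m = _VERSION.search(text)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    # A release with no "_NN" suffix is the initial release: update 0.
    return int(major), int(minor), int(micro), int(update or 0)

def jsse_fix_status(text):
    """Classify a version string against the advisory's fixed releases."""
    v = parse_version(text)
    if v is None:
        return "unparsed"
    family = v[:2]
    if family not in FIXED:
        return "unlisted"  # the advisory names no fixed release here
    # Numeric tuple comparison, so 1.4.1_07 sorts below 1.4.2_15.
    return "fixed" if v[2:] >= FIXED[family] else "below_fixed_release"

def audit(inventory):
    """Map each host to its status; inventory is {host: version line}."""
    return {host: jsse_fix_status(line) for host, line in inventory.items()}

# Constructed sample: first line of `java -version` output per host.
SAMPLE = {
    "web01": 'java version "1.6.0_01"',
    "web02": 'java version "1.5.0_12"',
    "app01": 'java version "1.4.2_14-b05"',
    "app02": 'java version "1.3.1_20"',
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, status)
```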

 



All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest 1999-2006 by Java FAQs Daily Tips.
