Lucene search

[email protected]CVE-2007-3698

HistoryJul 11, 2007 - 10:30 p.m.

CVE-2007-3698

2007-07-1122:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3698

jsse

sun jdk

jre

ssl

tls

denial of service

cpu consumption

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.2 Medium

AI Score

Confidence

Low

0.449 Medium

EPSS

Percentile

97.4%

JSON

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

Affected configurations

NVD

Node

sunjdkMatch1.5.0update10

sunjdkMatch1.5.0update11

sunjdkMatch1.5.0update7

sunjdkMatch1.5.0update8

sunjdkMatch1.5.0update9

sunjdkMatch1.6.0update1

sunjreMatch1.4.2_11

sunjreMatch1.4.2_12

sunjreMatch1.4.2_13

sunjreMatch1.4.2_14

sunjreMatch1.5.0update10

sunjreMatch1.5.0update11

sunjreMatch1.5.0update7

sunjreMatch1.5.0update8

sunjreMatch1.5.0update9

sunjreMatch1.6.0update_1

sunsdkMatch1.4.2_11

sunsdkMatch1.4.2_12

sunsdkMatch1.4.2_13

sunsdkMatch1.4.2_14

CPENameOperatorVersion
sun:jdksun jdkeq1.5.0
sun:jdksun jdkeq1.6.0
sun:jresun jreeq1.4.2_11
sun:jresun jreeq1.4.2_12
sun:jresun jreeq1.4.2_13
sun:jresun jreeq1.4.2_14
sun:jresun jreeq1.5.0
sun:jresun jreeq1.6.0
sun:sdksun sdkeq1.4.2_11
sun:sdksun sdkeq1.4.2_12

CPE	Name	Operator	Version
sun:jdk	sun jdk	eq	1.5.0
sun:jdk	sun jdk	eq	1.6.0
sun:jre	sun jre	eq	1.4.2_11
sun:jre	sun jre	eq	1.4.2_12
sun:jre	sun jre	eq	1.4.2_13
sun:jre	sun jre	eq	1.4.2_14
sun:jre	sun jre	eq	1.5.0
sun:jre	sun jre	eq	1.6.0
sun:sdk	sun sdk	eq	1.4.2_11
sun:sdk	sun sdk	eq	1.4.2_12

Rows per page:

1-10 of 121

References

dev2dev.bea.com/pub/advisory/249

docs.info.apple.com/article.html?artnum=307177

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450

lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

osvdb.org/36663

secunia.com/advisories/26015

secunia.com/advisories/26221

secunia.com/advisories/26314

secunia.com/advisories/26631

secunia.com/advisories/26645

secunia.com/advisories/26933

secunia.com/advisories/27203

secunia.com/advisories/27635

secunia.com/advisories/27716

secunia.com/advisories/28056

secunia.com/advisories/28115

secunia.com/advisories/28777

secunia.com/advisories/28880

secunia.com/advisories/29340

secunia.com/advisories/29897

sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1

support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

www.cisco.com/en/US/products/products_security_response09186a008088bd19.html

www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml

www.gentoo.org/security/en/glsa/glsa-200709-15.xml

www.redhat.com/support/errata/RHSA-2007-0818.html

www.redhat.com/support/errata/RHSA-2007-0956.html

www.redhat.com/support/errata/RHSA-2007-1086.html

www.redhat.com/support/errata/RHSA-2008-0100.html

www.redhat.com/support/errata/RHSA-2008-0132.html

www.securityfocus.com/bid/24846

www.securitytracker.com/id?1018357

www.vupen.com/english/advisories/2007/2495

www.vupen.com/english/advisories/2007/2660

www.vupen.com/english/advisories/2007/3009

www.vupen.com/english/advisories/2007/3861

www.vupen.com/english/advisories/2007/4224

exchange.xforce.ibmcloud.com/vulnerabilities/35333

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.2 Medium

AI Score

Confidence

Low

0.449 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2007-3698

prion2 cvelist2 nvd2 ubuntucve1 nessus18 cve1 redhat5 openvas12 gentoo1 suse1