Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-3698

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

Published

2007-07-11T22:30:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

6.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.5.0	Yes
Application	sun	jdk	1.6.0	Yes
Application	sun	jre	1.4.2_11	Yes
Application	sun	jre	1.4.2_12	Yes
Application	sun	jre	1.4.2_13	Yes
Application	sun	jre	1.4.2_14	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	sdk	1.4.2_11	Yes
Application	sun	sdk	1.4.2_12	Yes
Application	sun	sdk	1.4.2_13	Yes
Application	sun	sdk	1.4.2_14	Yes

References

http://dev2dev.bea.com/pub/advisory/249 ([email protected])
http://docs.info.apple.com/article.html?artnum=307177 ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 ([email protected])
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html ([email protected])
http://osvdb.org/36663 ([email protected])
http://secunia.com/advisories/26015 Vendor Advisory ([email protected])
http://secunia.com/advisories/26221 Vendor Advisory ([email protected])
http://secunia.com/advisories/26314 Vendor Advisory ([email protected])
http://secunia.com/advisories/26631 Vendor Advisory ([email protected])
http://secunia.com/advisories/26645 Vendor Advisory ([email protected])
http://secunia.com/advisories/26933 Vendor Advisory ([email protected])
http://secunia.com/advisories/27203 Vendor Advisory ([email protected])
http://secunia.com/advisories/27635 Vendor Advisory ([email protected])
http://secunia.com/advisories/27716 Vendor Advisory ([email protected])
http://secunia.com/advisories/28056 Vendor Advisory ([email protected])
http://secunia.com/advisories/28115 Vendor Advisory ([email protected])
http://secunia.com/advisories/28777 Vendor Advisory ([email protected])
http://secunia.com/advisories/28880 Vendor Advisory ([email protected])
http://secunia.com/advisories/29340 Vendor Advisory ([email protected])
http://secunia.com/advisories/29897 Vendor Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1 Patch, Vendor Advisory ([email protected])
http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html ([email protected])
http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html Vendor Advisory ([email protected])
http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml Vendor Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0818.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0956.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-1086.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0100.html Patch ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0132.html Patch ([email protected])
http://www.securityfocus.com/bid/24846 Patch ([email protected])
http://www.securitytracker.com/id?1018357 ([email protected])
http://www.vupen.com/english/advisories/2007/2495 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/2660 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/3009 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/3861 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/4224 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/35333 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634 ([email protected])
http://dev2dev.bea.com/pub/advisory/249 (af854a3a-2127-422b-91ae-364da2661108)
http://docs.info.apple.com/article.html?artnum=307177 (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/36663 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26015 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26221 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26314 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26631 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26645 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26933 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27203 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27635 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27716 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28056 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28115 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28777 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28880 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29340 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29897 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0818.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0956.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-1086.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0100.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0132.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/24846 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018357 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/2495 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/2660 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3009 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3861 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/4224 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35333 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634 (af854a3a-2127-422b-91ae-364da2661108)