Bug 249539 (CVE-2007-3698) - CVE-2007-3698 Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition
Summary: CVE-2007-3698 Java Secure Socket Extension Does Not Correctly Process SSL/TLS...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-3698
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://sunsolve.sun.com/search/docume...
Whiteboard:
Depends On: 250784 251313 251314 368071 368081 368091 417931 430799
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-07-25 13:50 UTC by Marc Schoenefeld
Modified: 2019-09-29 12:20 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-04-10 20:57:35 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0818 0 normal SHIPPED_LIVE Critical: java-1.5.0-sun security update 2007-08-06 15:55:10 UTC
Red Hat Product Errata RHSA-2007:0956 0 normal SHIPPED_LIVE Moderate: java-1.5.0-bea security update 2007-10-16 07:08:21 UTC
Red Hat Product Errata RHSA-2007:1086 0 normal SHIPPED_LIVE Moderate: java-1.4.2-bea security update 2007-12-12 12:27:35 UTC
Red Hat Product Errata RHSA-2008:0100 0 normal SHIPPED_LIVE Moderate: java-1.4.2-bea security update 2008-03-11 14:09:38 UTC
Red Hat Product Errata RHSA-2008:0132 0 normal SHIPPED_LIVE Critical: java-1.4.2-ibm security update 2008-02-14 14:46:54 UTC

Description Marc Schoenefeld 2007-07-25 13:50:11 UTC 
Description of problem:

The Java Secure Socket Extension (JSSE) that is included in various releases of
the Java Runtime Environment does not correctly process SSL/TLS handshake
requests. This vulnerability may be exploited to create a Denial of Service
(DoS) condition to the system as a whole on a server that listens for SSL/TLS
connections using JSSE for SSL/TLS support.

Version-Release number of selected component (if applicable):

  RHEL-EXTRAS-U5

Additional info:

  IBM Java may also be affected (due to shared codebase).
Comment 7 Jan Lieskovsky 2010-08-31 13:29:44 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux version 4 Extras

Via RHSA-2007:0818 https://rhn.redhat.com/errata/RHSA-2007-0818.html
Comment 8 Jan Lieskovsky 2010-08-31 13:30:54 UTC 
This issue has been addressed in following products:

  RHEL Supplementary version 5

Via RHSA-2007:0956 https://rhn.redhat.com/errata/RHSA-2007-0956.html
Comment 9 Jan Lieskovsky 2010-08-31 13:31:56 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux version 4 Extras

Via RHSA-2007:1086 https://rhn.redhat.com/errata/RHSA-2007-1086.html
Comment 10 Jan Lieskovsky 2010-08-31 13:32:57 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux version 3 Extras

Via RHSA-2008:0100 https://rhn.redhat.com/errata/RHSA-2008-0100.html
Comment 11 Jan Lieskovsky 2010-08-31 13:34:50 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux version 3 Extras
  Red Hat Enterprise Linux version 4 Extras
  RHEL Supplementary version 5

Via RHSA-2008:0132 https://rhn.redhat.com/errata/RHSA-2008-0132.html
Note You need to log in before you can comment on or make changes to this bug.