Vulnerabilità: CVE-2007-3698

Il Java Secure Socket Extension (JSSE) a Sun JDK e JRE 6 Update 1 e versioni precedenti, JDK e JRE 5.0 Aggiornamenti da 7 a 11, e SDK e JRE 1.4.2_11 attraverso 1.4.2_14, quando si utilizza JSSE per il supporto SSL / TLS, permette aggressori remoti di causare un denial of service (consumo di CPU) tramite alcuni / le domande di handshake TLS SSL.


http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/249
http://www.securityfocus.com/bid/24846
http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html
http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450
http://docs.info.apple.com/article.html?artnum=307177
http://osvdb.org/36663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634
http://www.redhat.com/support/errata/RHSA-2007-0818.html
http://www.redhat.com/support/errata/RHSA-2007-0956.html
http://www.redhat.com/support/errata/RHSA-2007-1086.html
http://www.redhat.com/support/errata/RHSA-2008-0100.html
http://www.redhat.com/support/errata/RHSA-2008-0132.html
http://www.securitytracker.com/id?1018357
http://secunia.com/advisories/26015
http://secunia.com/advisories/26221
http://secunia.com/advisories/26314
http://secunia.com/advisories/26631
http://secunia.com/advisories/26645
http://secunia.com/advisories/26933
http://secunia.com/advisories/27203
http://secunia.com/advisories/27635
http://secunia.com/advisories/27716
http://secunia.com/advisories/28056
http://secunia.com/advisories/28115
http://secunia.com/advisories/28777
http://secunia.com/advisories/28880
http://secunia.com/advisories/29340
http://secunia.com/advisories/29897
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
http://www.vupen.com/english/advisories/2007/2495
http://www.vupen.com/english/advisories/2007/2660
http://www.vupen.com/english/advisories/2007/3009
http://www.vupen.com/english/advisories/2007/3861
http://www.vupen.com/english/advisories/2007/4224
https://exchange.xforce.ibmcloud.com/vulnerabilities/35333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698


E' possibile lasciare un commento come utenti registrati al sito, accedendo tramite social, account wordpress oppure come utenti anonimi. Nel caso in cui si desideri lasciare un commento come utenti anonimi si verrà avvisati via email di un'eventuale risposta solo se si inserisce l'indirizzo email (facoltativo). L'inserimento di qualsiasi dato nei campi dei commenti è totalmente facoltativo. Chiunque decida di inserire un qualsiasi dato accetta il trattamento di questi ultimi per i fini inerenti al servizio ovvero la risposta al commento e le comunicazioni strettamente necessarie.


Rispondi