CVE-2007-3698

HIGH

Description

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

References

http://dev2dev.bea.com/pub/advisory/249

http://docs.info.apple.com/article.html?artnum=307177

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450

http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

http://osvdb.org/36663

http://secunia.com/advisories/26015

http://secunia.com/advisories/26221

http://secunia.com/advisories/26314

http://secunia.com/advisories/26631

http://secunia.com/advisories/26645

http://secunia.com/advisories/26933

http://secunia.com/advisories/27203

http://secunia.com/advisories/27635

http://secunia.com/advisories/27716

http://secunia.com/advisories/28056

http://secunia.com/advisories/28115

http://secunia.com/advisories/28777

http://secunia.com/advisories/28880

http://secunia.com/advisories/29340

http://secunia.com/advisories/29897

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1

http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html

http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml

http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml

http://www.redhat.com/support/errata/RHSA-2007-0818.html

http://www.redhat.com/support/errata/RHSA-2007-0956.html

http://www.redhat.com/support/errata/RHSA-2007-1086.html

http://www.redhat.com/support/errata/RHSA-2008-0100.html

http://www.redhat.com/support/errata/RHSA-2008-0132.html

http://www.securityfocus.com/bid/24846

http://www.securitytracker.com/id?1018357

http://www.vupen.com/english/advisories/2007/2495

http://www.vupen.com/english/advisories/2007/2660

http://www.vupen.com/english/advisories/2007/3009

http://www.vupen.com/english/advisories/2007/3861

http://www.vupen.com/english/advisories/2007/4224

https://exchange.xforce.ibmcloud.com/vulnerabilities/35333

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634

Details

Source: MITRE

Published: 2007-07-11

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 63846 | RHEL 4 : java-1.4.2-bea (RHSA-2007:1086) | Nessus | Red Hat Local Security Checks | high |
| 63843 | RHEL 4 : java-1.5.0-sun (RHSA-2007:0818) | Nessus | Red Hat Local Security Checks | high |
| 60344 | Scientific Linux Security Update : jdk (java) on SL3.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60316 | Scientific Linux Security Update : jdk (java) on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 41210 | SuSE9 Security Update : IBM Java 2 JRE and SDK (YOU Patch Number 12142) | Nessus | SuSE Local Security Checks | high |
| 40714 | RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2008:0132) | Nessus | Red Hat Local Security Checks | high |
| 40712 | RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:0100) | Nessus | Red Hat Local Security Checks | high |
| 40708 | RHEL 4 / 5 : java-1.5.0-bea (RHSA-2007:0956) | Nessus | Red Hat Local Security Checks | high |
| 39378 | HP-UX PHSS_38148 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 19 | Nessus | HP-UX Local Security Checks | high |
| 39377 | HP-UX PHSS_38147 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 19 | Nessus | HP-UX Local Security Checks | high |
| 34952 | HP-UX PHSS_38761 : s700_800 11.X OV NNM7.01 Intermediate Patch 12 | Nessus | HP-UX Local Security Checks | critical |
| 32049 | SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 5182) | Nessus | SuSE Local Security Checks | high |
| 29702 | Mac OS X : Java for Mac OS X 10.4 Release 6 | Nessus | MacOS X Local Security Checks | critical |
| 29476 | SuSE 10 Security Update : java-1_5_0-ibm (ZYPP Patch Number 4687) | Nessus | SuSE Local Security Checks | high |
| 28272 | HP-UX PHSS_37197 : HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) (HPSBMA02288 SSRT071465 rev.1) | Nessus | HP-UX Local Security Checks | high |
| 28271 | HP-UX PHSS_37183 : HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) (HPSBMA02288 SSRT071465 rev.1) | Nessus | HP-UX Local Security Checks | high |
| 28270 | HP-UX PHSS_37182 : HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) (HPSBMA02288 SSRT071465 rev.1) | Nessus | HP-UX Local Security Checks | high |
| 26117 | GLSA-200709-15 : BEA JRockit: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |