CVE-2007-3698

Published: Jul 11, 2007Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

Affected (20)

Products: Sun: Jdk, Jre, Sdk

3 products

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Version 1.5.0 update10
Sun Jdk	Version 1.5.0 update11
Sun Jdk	Version 1.5.0 update7
Sun Jdk	Version 1.5.0 update8
Sun Jdk	Version 1.5.0 update9
Sun Jdk	Version 1.6.0 update1
Sun Jre	Version 1.4.2_11
Sun Jre	Version 1.4.2_12
Sun Jre	Version 1.4.2_13
Sun Jre	Version 1.4.2_14
Sun Jre	Version 1.5.0 update10
Sun Jre	Version 1.5.0 update11
Sun Jre	Version 1.5.0 update7
Sun Jre	Version 1.5.0 update8
Sun Jre	Version 1.5.0 update9
Sun Jre	Version 1.6.0 update_1
Sun Sdk	Version 1.4.2_11
Sun Sdk	Version 1.4.2_12
Sun Sdk	Version 1.4.2_13
Sun Sdk	Version 1.4.2_14

References (80)

http://dev2dev.bea.com/pub/advisory/249

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307177

Source: cve@mitre.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450

Source: cve@mitre.org

http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

Source: cve@mitre.org

http://osvdb.org/36663

Source: cve@mitre.org

http://secunia.com/advisories/26015

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26221

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26314

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26631

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26645

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26933

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27203

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27635

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27716

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28056

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28115

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28777

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28880

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29340

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29897

Source: cve@mitre.org

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1

Source: cve@mitre.org

PatchVendor Advisory

http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

Source: cve@mitre.org

http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html

Source: cve@mitre.org

Vendor Advisory

http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml

Source: cve@mitre.org

Vendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0818.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0956.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-1086.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0100.html

Source: cve@mitre.org

Patch

http://www.redhat.com/support/errata/RHSA-2008-0132.html

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/24846

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1018357

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2495

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/2660

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/3009

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/3861

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/4224

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/35333

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634

Source: cve@mitre.org

http://dev2dev.bea.com/pub/advisory/249