Executive Summary

Summary
Title Sun Alert 246286 Security Vulnerability in the Java Runtime Environment With Processing RSA Public Keys
Informations
Name SUN-246286 First vendor Publication 2008-12-03
Vendor Sun Last vendor Modification 2010-01-21
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Java Platform, Standard Edition 6 (Java SE 6)

A vulnerability in how the Java Runtime Environment (JRE) handlescertain RSA public keys may cause the JRE to consume an excessiveamount of CPU resources.  This may lead to a Denial of Service(DoS) condition on affected systems.  Such keys could be providedby a remote client of an application.

State: Resolved
First released: 03-Dec-2008
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_246286_security_vulnerability

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5843
 
Oval ID: oval:org.mitre.oval:def:5843
Title: Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service
Description: Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5349
 Version: 1
Platform(s): VMWare ESX Server 3.5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 359
Application 395

OpenVAS Exploits

Date Description
2010-05-28 Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2009-10-27 Name : SuSE Security Summary SUSE-SR:2009:017
File : nvt/suse_sr_2009_017.nasl
2009-10-19 Name : RedHat Security Advisory RHSA-2009:1505
File : nvt/RHSA_2009_1505.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm.nasl
2009-10-13 Name : SLES10: Security update for Sun Java 1.4.2
File : nvt/sles10_java-1_4_2-sun.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm0.nasl
2009-10-10 Name : SLES9: Security update for IBM Java2 JRE and SDK
File : nvt/sles9p5059500.nasl
2009-10-10 Name : SLES9: Security update for Sun Java
File : nvt/sles9p5040565.nasl
2009-03-13 Name : SuSE Security Summary SUSE-SR:2009:006
File : nvt/suse_sr_2009_006.nasl
2009-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10913
File : nvt/gb_fedora_2008_10913_java-1.6.0-openjdk_fc10.nasl
2009-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860
File : nvt/gb_fedora_2008_10860_java-1.6.0-openjdk_fc9.nasl
2009-02-02 Name : Ubuntu USN-710-1 (xine-lib)
File : nvt/ubuntu_710_1.nasl
2009-02-02 Name : Ubuntu USN-711-1 (ktorrent)
File : nvt/ubuntu_711_1.nasl
2009-02-02 Name : Ubuntu USN-712-1 (vim)
File : nvt/ubuntu_712_1.nasl
2009-02-02 Name : Ubuntu USN-713-1 (openjdk-6)
File : nvt/ubuntu_713_1.nasl
2009-01-20 Name : RedHat Security Advisory RHSA-2009:0016
File : nvt/RHSA_2009_0016.nasl
2009-01-13 Name : SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)
File : nvt/suse_sa_2009_001.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50504 Sun Java JDK / JRE RSA Public Key Processing Resource Consumption DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_244986_unix.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6523.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0466.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1505.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6508.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12511.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-090924.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-sun-5852.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12321.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1018.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1025.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-090303.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-17 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-713-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10913.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-5875.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-5876.nasl - Type : ACT_GATHER_INFO
2008-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10860.nasl - Type : ACT_GATHER_INFO
2008-12-04 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_244986.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-02-06 19:08:22
  • Multiple Updates