search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Sun Java Runtime Environment vulnerable to DoS

Vulnerability Note VU#118558

Original Release Date: 2004-05-14 | Last Revised: 2004-05-21

Overview

The Sun Java Runtime Environment (JRE) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service condition in the Java Virtual Machine (JVM).

Description

The Sun Java Runtime Environment provides the libraries and components necessary to run Java-based applications. There is a non-specific vulnerability in the Java Runtime Environment, which could allow an unauthenticated, remote attacker to cause the Java Virtual Machine to become unresponsive.

Impact

An unauthenticated, remote attacker could cause a denial-of-service condition.

Solution

According to Sun Security Alert 57555, this issue has been addressed in the following releases:

Windows Production Releases

    • SDK and JRE 1.4.2_04 or later 1.4.2 releases
Solaris Operating Environment Releases
    • SDK and JRE 1.4.2_04 or later 1.4.2 releases
Linux Production Releases
    • SDK and JRE 1.4.2_04 or later 1.4.2 releases

Vendor Information

118558
Expand all

Sun Microsystems Inc.

Updated:  May 14, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to Sun Security Alert 57555.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This vulnerability was reported by Sun Microsystems

This document was written by Damon Morda.

Other Information

CVE IDs: None
Severity Metric: 1.72
Date Public: 2004-05-06
Date First Published: 2004-05-14
Date Last Updated: 2004-05-21 20:22 UTC
Document Revision: 13

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.