Timing Attack Vulnerability in Sun Java SE Products
CVE-2009-3875

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 November 2009

What is CVE-2009-3875?

This vulnerability exists in the MessageDigest.isEqual function within the Java Runtime Environment. It allows remote attackers to execute timing attacks that can lead to the spoofing of HMAC-based digital signatures. By exploiting this flaw, attackers may potentially bypass authentication protocols, compromising the integrity of secured communications. This issue primarily affects several Java SE versions, underscoring the importance of updating to the latest secure versions to mitigate risks.

References

http://marc.info/?l=bugtraq&m=126566824131534&w=2

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/36881

vdb-entryx_refsource_BID

http://support.apple.com/kb/HT3970

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2009
Vulnerability Reserved
Nov 5, 2009

Oracle

What is CVE-2009-3875?

References

Timeline