Timing Attack Vulnerability in Sun Java SE Products
CVE-2009-3875

Currently unrated

Key Information:

Vendor

Oracle
Status
Jdk
Jre
Sdk
Vendor
CVE Published:
5 November 2009

What is CVE-2009-3875?

This vulnerability exists in the MessageDigest.isEqual function within the Java Runtime Environment. It allows remote attackers to execute timing attacks that can lead to the spoofing of HMAC-based digital signatures. By exploiting this flaw, attackers may potentially bypass authentication protocols, compromising the integrity of secured communications. This issue primarily affects several Java SE versions, underscoring the importance of updating to the latest secure versions to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://marc.info/?l=bugtraq&m=126566824131534&w=2
vendor-advisoryx_refsource_HP
http://www.securityfocus.com/bid/36881
vdb-entryx_refsource_BID
http://support.apple.com/kb/HT3970
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.