Timing Attack Vulnerability in Sun Java SE Products
CVE-2009-3875

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 November 2009

Summary

This vulnerability exists in the MessageDigest.isEqual function within the Java Runtime Environment. It allows remote attackers to execute timing attacks that can lead to the spoofing of HMAC-based digital signatures. By exploiting this flaw, attackers may potentially bypass authentication protocols, compromising the integrity of secured communications. This issue primarily affects several Java SE versions, underscoring the importance of updating to the latest secure versions to mitigate risks.

References

http://marc.info/?l=bugtraq&m=126566824131534&w=2

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/36881

vdb-entryx_refsource_BID

http://support.apple.com/kb/HT3970

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 5, 2009
Vulnerability Reserved
Nov 5, 2009