Denial of Service Vulnerability in Sun Java SE Products
CVE-2009-3877

Currently unrated

Key Information:

Vendor: Oracle
Status: Vendor
CVE Published: 5 November 2009

Summary

A vulnerability in Sun Java SE allows remote attackers to cause a denial of service through excessive memory consumption by sending crafted HTTP headers. The issue affects multiple versions of the JDK and JRE, including those prior to specific update levels. The affected software does not properly parse ASN.1 DER input stream headers, which leaves systems running it susceptible to this type of attack.

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
