Denial of Service Vulnerability in Sun Java SE Products
CVE-2009-3877

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 November 2009

Summary

A vulnerability exists in Sun Java SE that allows remote attackers to exploit crafted HTTP headers, leading to denial of service through excessive memory consumption. This issue affects multiple versions of the JDK and JRE, including those prior to specific update levels. Proper parsing of ASN.1 DER input stream headers is not ensured, making systems running the affected software susceptible to this type of attack.

References

http://marc.info/?l=bugtraq&m=126566824131534&w=2

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/36881

vdb-entryx_refsource_BID

http://support.apple.com/kb/HT3970

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 5, 2009
Vulnerability Reserved
Nov 5, 2009