Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-0440

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.oracle.com/...
REDHAT: RHSA-2013:0236
REDHAT: RHSA-2013:0237
CERT: TA13-032A
CERT-VN: VU#858729
CONFIRM: http://icedtea.classpa...
CONFIRM: http://icedtea.classpa...
CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2013:0245
REDHAT: RHSA-2013:0246
REDHAT: RHSA-2013:0247
SUSE: openSUSE-SU-2013:0312
SUSE: openSUSE-SU-2013:0377
SUSE: SUSE-SU-2013:0478
REDHAT: RHSA-2013:1455
REDHAT: RHSA-2013:1456
CONFIRM: https://wiki.mageia.or...
MANDRIVA: MDVSA-2013:095
GENTOO: GLSA-201406-32
BID: 57712
HP: HPSBUX02864
HP: SSRT101156
HP: HPSBMU02874
HP: HPSBUX02857
HP: SSRT101103
HP: SSRT101184
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2013-0440

Related bugs

References