Easy to Learn Java: Programming Articles, Examples and Tips


Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability


Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition

A vulnerability has been identified in Sun JDK, JRE and SDK, which could be exploited by attackers to bypass certain security restrictions or cause a denial of service. This issue is caused by an error in the Java Secure Socket Extension (JSSE) when processing certain SSL/TLS handshake requests, which could be exploited by attackers to create a denial of service on a vulnerable system that listens for SSL/TLS connections using JSSE for SSL/TLS support.

For example:


1) An error exists in the Java Secure Socket Extension (JSSE) when the JVM processes SSL/TLS handshake requests. It can be exploited to cause a Denial of Service (DoS) on an affected system which listens for SSL/TLS connections using JSSE for SSL/TLS support.

2) An error exists within the Java Runtime Environment Applet Class Loader, which can be exploited to establish network connections to certain services running on the local host by e.g. tricking a user into loading an untrusted applet from a remote system.

Resolution

This issue is addressed in the following releases (for Solaris, Linux, and Windows):

  • JDK and JRE 6 Update 2 or later
  • JDK and JRE 5.0 Update 12 and later
  • SDK and JRE 1.4.2_15 and later

Java SE 6 is available for download at the following links:

http://java.sun.com/javase/downloads/index.jsp

Java SE 6 Update 2 for Solaris is available in the following patches:

  • Java SE 6: update 2 (as delivered in patch 125136-02 or later)
  • Java SE 6: update 2 (as delivered in patch 125137-02 or later (64bit))
  • Java SE 6_x86: update 2 (as delivered in patch 125138-02 or later)
  • Java SE 6_x86: update 2 (as delivered in patch 125139-02 or later (64bit))

Java SE 5.0 is available for download at the following link:

http://java.sun.com/j2se/1.5.0/download.jsp

Java SE 5.0 Update 12 for Solaris is available in the following patches:

  • J2SE 5.0: update 12 (as delivered in patch 118666-12 or later)
  • J2SE 5.0: update 12 (as delivered in patch 118667-12 or later (64bit))
  • J2SE 5.0_x86: update 12 (as delivered in patch 118668-12 or later)
  • J2SE 5.0_x86: update 12 (as delivered in patch 118669-12 or later (64bit))

J2SE 1.4.2 is available for download at the following link:

http://java.sun.com/j2se/1.4.2/download.html

Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see:

http://java.com/en/download/help/uninstall_java.xml

 


Posted by jalex on Tuesday, July 31, 2007 (11:41:37) (2631 reads)
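
For the JSSE advisory above, an added example (not part of the original advisory or Sun's code) that checks a `java.version` string against the fixed releases listed under Resolution. The class name `FixedReleaseCheck`, the method name and the sample inventory are assumptions made for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FixedReleaseCheck {
    // Legacy strings: 1.6.0_01, 1.5.0_11, 1.4.2_14, optionally with a "-b05" style suffix.
    private static final Pattern LEGACY =
            Pattern.compile("^1\\.(\\d+)\\.(\\d+)(?:_(\\d+))?(?:-.*)?$");
    // Java 9 and later dropped the "1." prefix, e.g. 17.0.2.
    private static final Pattern MODERN = Pattern.compile("^(9|[1-9]\\d+)([.+-].*)?$");

    /** True if the version is at or above a fixed release listed in the advisory. */
    static boolean atOrAboveFixedRelease(String version) {
        Matcher m = LEGACY.matcher(version);
        if (!m.matches()) {
            if (MODERN.matcher(version).matches()) {
                return true; // later than 6 Update 2
            }
            throw new IllegalArgumentException("unrecognised version: " + version);
        }
        int family = Integer.parseInt(m.group(1));
        int micro = Integer.parseInt(m.group(2));
        int update = m.group(3) == null ? 0 : Integer.parseInt(m.group(3));
        switch (family) {
            case 6:  return micro > 0 || update >= 2;   // 6 Update 2 or later
            case 5:  return micro > 0 || update >= 12;  // 5.0 Update 12 and later
            case 4:  return micro > 2 || (micro == 2 && update >= 15); // 1.4.2_15 and later
            default: return family > 6; // 7 and 8 are later; older families are not listed
        }
    }

    public static void main(String[] args) {
        // Constructed sample inventory, followed by the JVM running this check.
        String[] samples = {"1.4.2_14", "1.4.2_15", "1.5.0_11", "1.5.0_12",
                            "1.6.0_01", "1.6.0_02-b05", "1.8.0_292", "17.0.2",
                            System.getProperty("java.version")};
        for (String v : samples) {
            System.out.println(v + " -> "
                    + (atOrAboveFixedRelease(v) ? "fixed" : "UPDATE REQUIRED"));
        }
    }
}
```

Families the advisory does not list (1.3 and earlier) are reported as needing an update so that they get reviewed by hand.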

Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability


Security Vulnerability in Processing XSLT Stylesheets Affects Sun Java System Application Server and Web Server, remote!

A vulnerability in Sun Java System Web Server and Application Server has been reported, which can be exploited by local users to perform actions with escalated privileges.

Certain releases of Sun Java System Application Server and Sun Java System Web Server (listed in "Contributing Factors") do not securely process XSLT stylesheets contained in XSLT Transforms in XML Signatures. This could allow malicious XSLT stylesheets to be executed which may, for example, allow execution of an arbitrary Java method.


The vulnerability is due to an error within the Java XML Digital Signature implementation when processing XSLT stylesheets contained in XSLT Transforms in XML Signatures.

Remote: yes

Solution summary: get the latest updates from the Sun web site.


Posted by jalex on Tuesday, July 31, 2007 (11:29:46) (1692 reads)


All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest 1999-2006 by Java FAQs Daily Tips.
