// For flags

CVE-2007-3698

Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition

Severity Score

7.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

El Java Secure Socket Extension (JSSE) en Sun JDK y JRE versión 6 Update 1 y anteriores, JDK y JRE versión 5.0 Updates 7 hasta 11, y SDK y JRE versión 1.4.2_11 hasta 1.4.2_14, cuando se usa JSSE para soporte SSL/TLS, permite a los atacantes remotos causar una denegación de servicio (consumo de CPU) por medio de ciertas peticiones de protocolo de enlace SSL/TLS.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-07-11 CVE Reserved
  • 2007-07-11 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (42)
URL Date SRC
URL Date SRC
http://dev2dev.bea.com/pub/advisory/249 2018-10-30
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 2018-10-30
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html 2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html 2018-10-30
http://secunia.com/advisories/26015 2018-10-30
http://secunia.com/advisories/26221 2018-10-30
http://secunia.com/advisories/26314 2018-10-30
http://secunia.com/advisories/26631 2018-10-30
http://secunia.com/advisories/26645 2018-10-30
http://secunia.com/advisories/26933 2018-10-30
http://secunia.com/advisories/27203 2018-10-30
http://secunia.com/advisories/27635 2018-10-30
http://secunia.com/advisories/27716 2018-10-30
http://secunia.com/advisories/28056 2018-10-30
http://secunia.com/advisories/28115 2018-10-30
http://secunia.com/advisories/28777 2018-10-30
http://secunia.com/advisories/28880 2018-10-30
http://secunia.com/advisories/29340 2018-10-30
http://secunia.com/advisories/29897 2018-10-30
http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html 2018-10-30
http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml 2018-10-30
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0818.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0956.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-1086.html 2018-10-30
http://www.vupen.com/english/advisories/2007/2495 2018-10-30
http://www.vupen.com/english/advisories/2007/2660 2018-10-30
http://www.vupen.com/english/advisories/2007/3009 2018-10-30
http://www.vupen.com/english/advisories/2007/3861 2018-10-30
http://www.vupen.com/english/advisories/2007/4224 2018-10-30
https://access.redhat.com/security/cve/CVE-2007-3698 2008-02-14
https://bugzilla.redhat.com/show_bug.cgi?id=249539 2008-02-14
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sun
Search vendor "Sun"
Jdk
Search vendor "Sun" for product "Jdk"
1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update10
Affected
Sun
Search vendor "Sun"
Jdk
Search vendor "Sun" for product "Jdk"
1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update11
Affected
Sun
Search vendor "Sun"
Jdk
Search vendor "Sun" for product "Jdk"
1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update7
Affected
Sun
Search vendor "Sun"
Jdk
Search vendor "Sun" for product "Jdk"
1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update8
Affected
Sun
Search vendor "Sun"
Jdk
Search vendor "Sun" for product "Jdk"
1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update9
Affected
Sun
Search vendor "Sun"
Jdk
Search vendor "Sun" for product "Jdk"
1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update1
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.4.2_11
Search vendor "Sun" for product "Jre" and version "1.4.2_11"
-
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.4.2_12
Search vendor "Sun" for product "Jre" and version "1.4.2_12"
-
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.4.2_13
Search vendor "Sun" for product "Jre" and version "1.4.2_13"
-
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.4.2_14
Search vendor "Sun" for product "Jre" and version "1.4.2_14"
-
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update10
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update11
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update7
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update8
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update9
Affected
Sun
Search vendor "Sun"
Jre
Search vendor "Sun" for product "Jre"
1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_1
Affected
Sun
Search vendor "Sun"
Sdk
Search vendor "Sun" for product "Sdk"
1.4.2_11
Search vendor "Sun" for product "Sdk" and version "1.4.2_11"
-
Affected
Sun
Search vendor "Sun"
Sdk
Search vendor "Sun" for product "Sdk"
1.4.2_12
Search vendor "Sun" for product "Sdk" and version "1.4.2_12"
-
Affected
Sun
Search vendor "Sun"
Sdk
Search vendor "Sun" for product "Sdk"
1.4.2_13
Search vendor "Sun" for product "Sdk" and version "1.4.2_13"
-
Affected
Sun
Search vendor "Sun"
Sdk
Search vendor "Sun" for product "Sdk"
1.4.2_14
Search vendor "Sun" for product "Sdk" and version "1.4.2_14"
-
Affected