Java开发网 - Sun Java Runtime Environment远程拒绝服务漏洞

Java开发网

您没有登录

» Java开发网 » Java Security

打印话题 寄给朋友 订阅主题

作者

Sun Java Runtime Environment远程拒绝服务漏洞

阿熊

发贴: 0
积分: 0

于 2004-12-30 11:54

1.4.2_06已修正

http://classic.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57707&zone_32=category%3A%2Asecuri

Description Top

Sun(sm) Alert Notification
Sun Alert ID: 57707
Synopsis: Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability
Category: Security
Product: Java SDK and JRE
BugIDs: 5037001
Avoidance: Upgrade
State: Resolved
Date Released: 20-Dec-2004
Date Closed: 20-Dec-2004
Date Modified:
1. Impact
A vulnerability in the Java Runtime Environment (JRE) involving object deserialization could be exploited remotely to cause the Java Virtual Machine to become unresponsive, which is a type of Denial-of-Service (DoS). This issue can affect the JRE if an application that runs on it accepts serialized data from an untrusted source.

Sun acknowledges with thanks, Marc Schoenefeld, for bringing this issue to our attention.

2. Contributing Factors
This issue can occur in the following releases:

SDK and JRE 1.4.2_05 and earlier, and all 1.4.1 and 1.4.0 releases for Windows, Solaris and Linux
Note: JDK and JRE 5.0 and releases prior to SDK and JRE 1.4 are not affected by this issue.

To determine the version of Java on a system, the following command can be run:

% java -fullversion
java full version "1.4.1_06-b01"
3. Symptoms
The Java Runtime Environment (JRE) is unresponsive.

Solution Summary Top

4. Relief/Workaround
There is no workaround. Please see the "Resolution" section below.

5. Resolution
This issue is addressed in the following releases:

SDK and JRE 1.4.2_06 and later for Windows, Solaris, and Linux
J2SE releases are available for download at:

J2SE 5.0 at http://java.sun.com/j2se/1.5.0/download.jsp
J2SE 1.4.2_06 at http://java.sun.com/j2se/1.4.2/download.html and http://java.com/

已读帖子

新的帖子

被删除的帖子