CVE-2009-3877

Published: 05 November 2009

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.

Priority

Medium

Status

Package Release Status
openjdk-6
Launchpad, Ubuntu, Debian
Upstream
Released (6b17)
sun-java5
Launchpad, Ubuntu, Debian
Upstream
Released (1.5.0-22)
sun-java6
Launchpad, Ubuntu, Debian
Upstream
Released (6.17)