CVE-2009-3875 — MEDIUM (5.0)

Vulnerability Description

The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Sun	Jdk	1.5.0
Sun	Jre	1.4.2_1
Sun	Sdk	1.4.2_01
Linux	Linux Kernel	All versions
Microsoft	Windows	All versions
Sun	Solaris	All versions

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2009-3875?

CVE-2009-3875 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and ...

How severe is CVE-2009-3875?

CVE-2009-3875 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3875?

Check the references section above for vendor advisories and patch information. Affected products include: Sun Jdk, Sun Jre, Sun Sdk, Linux Linux Kernel, Microsoft Windows.