CVE-2009-3877 — MEDIUM (5.0)

Vulnerability Description

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Sun	Jdk	1.5.0
Sun	Jre	1.4.2_1
Sun	Sdk	1.4.2_01
Linux	Linux Kernel	All versions
Microsoft	Windows	All versions
Sun	Solaris	All versions

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2009-3877?

CVE-2009-3877 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote att...

How severe is CVE-2009-3877?

CVE-2009-3877 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3877?

Check the references section above for vendor advisories and patch information. Affected products include: Sun Jdk, Sun Jre, Sun Sdk, Linux Linux Kernel, Microsoft Windows.