CVE-2009-3875

 

Published at: - 05-11-2009 05:30

Last modified: - 23-01-2023 07:44

Total changes: - 8

Description

The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:P/A:N

 

Verification logic

 

Reference

• 270475-Patch, Vendor Advisory
• 36881-
• http://java.sun.com/javase/6/webnotes/6u17.html
• 37231-Vendor Advisory
• ADV-2009-3131-Vendor Advisory
• 37239-
• SUSE-SA:2009:058-
• GLSA-200911-02-
• APPLE-SA-2009-12-03-2-
• 37581-
• 37386-
• http://support.apple.com/kb/HT3970
• APPLE-SA-2009-12-03-1-
• http://support.apple.com/kb/HT3969
• RHSA-2009:1694-
• 37841-
• MDVSA-2010:084-
• SSRT100242-
• http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
• HPSBMU02799-
• SSRT100019-
• oval:org.mitre.oval:def:7913-
• oval:org.mitre.oval:def:7549-
• oval:org.mitre.oval:def:12112-
• oval:org.mitre.oval:def:11847-

 

Keywords

NVD

 

CVE-2009-3875

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures