CVE-2004-2216
Description
A malformed client certificate can crash Sun Java System Web Server and Application Server, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Sun Java System Web Server versions 6.0 SP7 and earlier, and 6.1 SP1 and earlier, as well as Sun Java System Application Server 7 Update 4 and earlier, contain an unspecified vulnerability that can be triggered by a malformed client certificate [1]. The exact nature of the malformed certificate is not detailed, but it causes the server to crash.
Exploitation
An attacker can exploit this vulnerability remotely by sending a crafted client certificate during the TLS/SSL handshake. No authentication or prior access is required; the attacker only needs network connectivity to the server. The malformed certificate is processed by the server, leading to a crash.
Impact
Successful exploitation results in a denial of service (crash) of the affected server. The attacker does not gain code execution or data access, but service availability is compromised until the server is restarted.
Mitigation
Sun (now Oracle) released patches and recommended upgrading to fixed versions. For Web Server, upgrade to 6.0 SP8 or 6.1 SP2 or later; for Application Server, upgrade to 7 Update 5 or later. No workarounds are mentioned. The vulnerability is not listed in CISA KEV as of the publication date.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*
- cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
- (no CPE) Range: <=6.0 SP7, <=6.1 SP1
- Range: <=7 Update 4
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- secunia.com/advisories/13072 (nvd; Patch, Vendor Advisory)
- sunsolve.sun.com/search/document.do (nvd; Patch, Vendor Advisory)
- www.osvdb.org/11383 (nvd; Patch)
- www.securityfocus.com/bid/11593 (nvd; Patch)
- sunsolve.sun.com/search/document.do (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/17941 (nvd)
News mentions
No linked articles in our index yet.