CVE-2004-2540
Description
Crafted serialized data causes denial of service in Java Runtime Environment 1.4.0 through 1.4.2_05.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability exists in the readObject method of Java Runtime Environment (JRE) and Software Development Kit (SDK) versions 1.4.0 through 1.4.2_05. Crafted serialized data can trigger an unresponsive JVM, leading to denial of service. [1]
Exploitation
An attacker can send specially crafted serialized data to a Java application that deserializes untrusted input. No authentication is required; the attacker only needs network access to the target service. The exploit does not require user interaction beyond the application processing the malicious data.
Impact
Successful exploitation results in the Java Virtual Machine becoming unresponsive, causing a denial of service. The attacker does not gain code execution or data access; the impact is limited to availability.
Mitigation
Sun Microsystems released updates addressing this issue. Users should upgrade to a version beyond 1.4.2_05. The vulnerability is also mitigated by not deserializing untrusted data. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:sun:jdk:1.4.0_01:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0_02:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0_02:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0_02:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0_03:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0_03:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0_03:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0_4:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0_4:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.0_4:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1_01:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1_01:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1_01:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1_02:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1_02:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1_02:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1_03:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1_03:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1_03:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.1:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_01:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_02:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_03:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_03:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_03:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_04:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_04:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_04:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_05:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_05:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2_05:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4.2:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_01:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_01:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_02:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_02:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_02:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_03:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_03:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_03:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_04:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_04:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.0_04:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1_01:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1_01:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1_01:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1_02:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1_02:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1_02:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1_07:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update3:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update3:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:update3:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.1:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update1:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update1:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update1:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update2:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update2:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update2:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update3:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update3:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update3:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update4:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update4:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update4:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update5:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update5:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:update5:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4:*:solaris:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4:*:windows:*:*:*:*:*
- Range: 1.4.0 through 1.4.2_05
Patches
No patches discovered yet.
References (4)
News mentions
No linked articles in our index yet.