Unrated severityNVD Advisory· Published Jul 11, 2007· Updated Apr 23, 2026
CVE-2007-3698
CVE-2007-3698
Description
The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
Affected products
20cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
40- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0100.htmlnvdPatch
- www.redhat.com/support/errata/RHSA-2008-0132.htmlnvdPatch
- www.securityfocus.com/bid/24846nvdPatch
- secunia.com/advisories/26015nvdVendor Advisory
- secunia.com/advisories/26221nvdVendor Advisory
- secunia.com/advisories/26314nvdVendor Advisory
- secunia.com/advisories/26631nvdVendor Advisory
- secunia.com/advisories/26645nvdVendor Advisory
- secunia.com/advisories/26933nvdVendor Advisory
- secunia.com/advisories/27203nvdVendor Advisory
- secunia.com/advisories/27635nvdVendor Advisory
- secunia.com/advisories/27716nvdVendor Advisory
- secunia.com/advisories/28056nvdVendor Advisory
- secunia.com/advisories/28115nvdVendor Advisory
- secunia.com/advisories/28777nvdVendor Advisory
- secunia.com/advisories/28880nvdVendor Advisory
- secunia.com/advisories/29340nvdVendor Advisory
- secunia.com/advisories/29897nvdVendor Advisory
- www.cisco.com/en/US/products/products_security_response09186a008088bd19.htmlnvdVendor Advisory
- www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtmlnvdVendor Advisory
- www.vupen.com/english/advisories/2007/2495nvdVendor Advisory
- www.vupen.com/english/advisories/2007/2660nvdVendor Advisory
- www.vupen.com/english/advisories/2007/3009nvdVendor Advisory
- www.vupen.com/english/advisories/2007/3861nvdVendor Advisory
- www.vupen.com/english/advisories/2007/4224nvdVendor Advisory
- dev2dev.bea.com/pub/advisory/249nvd
- docs.info.apple.com/article.htmlnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- lists.apple.com/archives/Security-announce/2007/Dec/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.htmlnvd
- osvdb.org/36663nvd
- support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.htmlnvd
- www.gentoo.org/security/en/glsa/glsa-200709-15.xmlnvd
- www.redhat.com/support/errata/RHSA-2007-0818.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0956.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-1086.htmlnvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35333nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634nvd
News mentions
0No linked articles in our index yet.