• Close
  • Back to search

    Apple Java security update for CVE-2009-3875

    Severity CVSS Published Added Modified
    5 (AV:N/AC:L/Au:N/C:N/I:P/A:N) November 04, 2009 January 25, 2012 February 12, 2015

    Available Exploits 

    Description

    The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.

    Free Nexpose Download

    Discover, prioritize, and remediate security risks today!

     Download now

    References

    Solution

    apple-java-upgrade-1_4_2_22

    Related Vulnerabilities