Rapid7 Vulnerability & Exploit Database

JRE DER Decoding Denial of Service

Free InsightVM Trial No credit card necessary
Watch Demo See how it all works
Back to Search

JRE DER Decoding Denial of Service

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
11/05/2009
Created
07/25/2018
Added
11/18/2009
Modified
09/13/2018

Description

Two vulnerabilities in the Java Runtime Environment (JRE) 6 update 16 and earlier, 5.0 update 21 and earlier, 1.4.2_23 and earlier as well as 1.3.1_26 and earlier are vulnerable to a denial of service involving decoding DER encoded data and parsing HTTP headers. This may allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition.

Solution(s)

  • jre-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;