Vulnerability & Exploit Database

Back to search

RHSA-2010:0130: java-1.5.0-ibm security update

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:P/I:P/A:P) April 01, 2010 April 01, 2010 July 04, 2017

Available Exploits 

Description

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment andthe IBM Java 2 Software Development Kit.A flaw was found in the way the TLS/SSL (Transport Layer Security/SecureSockets Layer) protocols handle session renegotiation. A man-in-the-middleattacker could use this flaw to prefix arbitrary plain text to a client'ssession (for example, an HTTPS connection to a website). This could forcethe server to process an attacker's request as if authenticated using thevictim's credentials. (CVE-2009-3555)This update disables renegotiation in the Java Secure Socket Extension(JSSE) component. Unsafe renegotiation can be re-enabled using thecom.ibm.jsse2.renegotiate property. Refer to the following Knowledgebasearticle for details: http://kbase.redhat.com/faq/docs/DOC-20491All users of java-1.5.0-ibm are advised to upgrade to these updatedpackages, containing the IBM 1.5.0 SR11-FP1 Java release. All runninginstances of IBM Java must be restarted for this update to take effect.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

redhat-upgrade-java-1-5-0-ibm

Related Vulnerabilities