CVE-2007-3698

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

Published: Jul 12, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3698
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sun / sdk	1.4.2_12	1.4.2_12.x
sun / sdk	1.4.2_14	1.4.2_14.x
sun / jre	1.6.0-update_1	1.6.0-update_1.x
sun / jre	1.4.2_13	1.4.2_13.x
sun / sdk	1.4.2_13	1.4.2_13.x
sun / jdk	1.5.0-update11	1.5.0-update11.x
sun / jre	1.5.0-update8	1.5.0-update8.x
sun / jdk	1.5.0-update9	1.5.0-update9.x
sun / jre	1.4.2_12	1.4.2_12.x
sun / jre	1.5.0-update11	1.5.0-update11.x
sun / jre	1.4.2_14	1.4.2_14.x
sun / jre	1.5.0-update7	1.5.0-update7.x
sun / jdk	1.6.0-update1	1.6.0-update1.x
sun / jdk	1.5.0-update7	1.5.0-update7.x
sun / sdk	1.4.2_11	1.4.2_11.x
sun / jre	1.5.0-update9	1.5.0-update9.x
sun / jre	1.4.2_11	1.4.2_11.x
sun / jre	1.5.0-update10	1.5.0-update10.x
sun / jdk	1.5.0-update8	1.5.0-update8.x
sun / jdk	1.5.0-update10	1.5.0-update10.x

Vulnerability Database

289,697

CVE-2007-3698