(Cisco Issues Fix for Cisco Unified Presence) Java Secure Socket Extension (JSSE) SSL/TLS Handshake Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1018456 |
|
SecurityTracker URL: http://securitytracker.com/id/1018456
|
|
CVE Reference:
CVE-2007-3698
(Links to External Site)
|
Date: Jul 25 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 6.0(1)
|
Description:
A vulnerability was reported in Java Secure Socket Extension (JSSE). A remote user can cause denial of service conditions. Cisco Unified Presence is affected.
JSSE does not properly process SSL/TLS handshake requests. A remote user can send a specially crafted request to cause the target system to crash.
Sun credits Cisco Systems with reporting this vulnerability.
|
Impact:
A remote user can cause the target system to crash.
|
Solution:
Cisco has issued a fix (6.0(1)) for Cisco Unified Presence, which is affected by this Java vulnerability.
The Cisco advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1 (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 25 Jul 2007 12:13:14 -0400
Subject: Cisco Unified Call Manager and Cisco Unified Presence
|
http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml
|
|
