Published: 05/11/2009 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 580

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x prior to 1.3.1_27, and SDK and JRE 1.4.x prior to 1.4.2_24 allows remote malicious users to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun jdk 1.5.0
sun jdk 1.6.0
sun jre 1.4.2 1
sun jre 1.4.2 2
sun jre 1.4.2 02
sun jre 1.4.2 3
sun jre 1.4.2 03
sun jre 1.4.2 4
sun jre 1.4.2 04
sun jre 1.4.2 05
sun jre 1.4.2 5
sun jre 1.4.2 6
sun jre 1.4.2 06
sun jre 1.4.2 07
sun jre 1.4.2 7
sun jre 1.4.2 8
sun jre 1.4.2 08
sun jre 1.4.2 9
sun jre 1.4.2 09
sun jre 1.4.2 10
sun jre 1.4.2 11
sun jre 1.4.2 12
sun jre 1.4.2 13
sun jre 1.4.2 14
sun jre 1.4.2 15
sun jre 1.4.2 16
sun jre 1.4.2 17
sun jre 1.4.2 18
sun jre 1.4.2 19
sun jre 1.4.2 20
sun jre 1.4.2 21
sun jre 1.4.2 22
sun jre 1.4.2 23
sun jre 1.5.0
sun jre 1.6.0
sun sdk 1.4.2 1
sun sdk 1.4.2 01
sun sdk 1.4.2 2
sun sdk 1.4.2 02
sun sdk 1.4.2 03
sun sdk 1.4.2 3
sun sdk 1.4.2 4
sun sdk 1.4.2 04
sun sdk 1.4.2 5
sun sdk 1.4.2 05
sun sdk 1.4.2 06
sun sdk 1.4.2 6
sun sdk 1.4.2 7
sun sdk 1.4.2 07
sun sdk 1.4.2 8
sun sdk 1.4.2 08
sun sdk 1.4.2 9
sun sdk 1.4.2 09
sun sdk 1.4.2 10
sun sdk 1.4.2 11
sun sdk 1.4.2 12
sun sdk 1.4.2 13
sun sdk 1.4.2 14
sun sdk 1.4.2 15
sun sdk 1.4.2 16
sun sdk 1.4.2 17
sun sdk 1.4.2 18
sun sdk 1.4.2 19
sun sdk 1.4.2 20
sun sdk 1.4.2 21
sun sdk 1.4.2 22
sun sdk 1.4.2 23
sun jre 1.3.1 1
sun jre 1.3.1 01
sun jre 1.3.1 01a
sun jre 1.3.1 02
sun jre 1.3.1 2
sun jre 1.3.1 03
sun jre 1.3.1 3
sun jre 1.3.1 04
sun jre 1.3.1 4
sun jre 1.3.1 5
sun jre 1.3.1 05
sun jre 1.3.1 06
sun jre 1.3.1 6
sun jre 1.3.1 07
sun jre 1.3.1 7
sun jre 1.3.1 08
sun jre 1.3.1 8
sun jre 1.3.1 9
sun jre 1.3.1 09
sun jre 1.3.1 10
sun jre 1.3.1 11
sun jre 1.3.1 12
sun jre 1.3.1 13
sun jre 1.3.1 14
sun jre 1.3.1 15
sun jre 1.3.1 16
sun jre 1.3.1 17
sun jre 1.3.1 18
sun jre 1.3.1 19
sun jre 1.3.1 20
sun jre 1.3.1 21
sun jre 1.3.1 22
sun jre 1.3.1 23
sun jre 1.3.1 24
sun jre 1.3.1 25
sun sdk 1.3.1 01
sun sdk 1.3.1 01a
sun sdk 1.3.1 02
sun sdk 1.3.1 2
sun sdk 1.3.1 03
sun sdk 1.3.1 3
sun sdk 1.3.1 4
sun sdk 1.3.1 04
sun sdk 1.3.1 05
sun sdk 1.3.1 5
sun sdk 1.3.1 6
sun sdk 1.3.1 06
sun sdk 1.3.1 07
sun sdk 1.3.1 7
sun sdk 1.3.1 8
sun sdk 1.3.1 08
sun sdk 1.3.1 9
sun sdk 1.3.1 09
sun sdk 1.3.1 10
sun sdk 1.3.1 11
sun sdk 1.3.1 12
sun sdk 1.3.1 13
sun sdk 1.3.1 14
sun sdk 1.3.1 15
sun sdk 1.3.1 16
sun sdk 1.3.1 17
sun sdk 1.3.1 18
sun sdk 1.3.1 19
sun sdk 1.3.1 20
sun sdk 1.3.1 21
sun sdk 1.3.1 22
sun sdk 1.3.1 23
sun sdk 1.3.1 24
sun sdk 1.3.1 25

Synopsis Critical: java-160-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...

Synopsis Low: Red Hat Network Satellite Server IBM Java Runtime security update Type/Severity Security Advisory: Low Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Network Satellite Server 53This update has been rated as having low security impact by th ...

Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK (CVE-2009-2409) ...

Netragard, LLC Advisory - Mac OS X Java Runtime suffers from buffer overflows that allow for remote code execution ...

CWE-310 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1 http://www.securityfocus.com/bid/36881 http://java.sun.com/javase/6/webnotes/6u17.html http://secunia.com/advisories/37231 http://www.vupen.com/english/advisories/2009/3131 http://secunia.com/advisories/37239 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://security.gentoo.org/glsa/glsa-200911-02.xml http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://secunia.com/advisories/37581 http://secunia.com/advisories/37386 http://support.apple.com/kb/HT3970 http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://support.apple.com/kb/HT3969 http://www.redhat.com/support/errata/RHSA-2009-1694.html http://secunia.com/advisories/37841 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=126566824131534&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7913 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7549 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12112 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11847 https://access.redhat.com/errata/RHSA-2009:1694 https://nvd.nist.gov https://usn.ubuntu.com/859-1/

Get Started

CVE-2009-3875

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect