Required CVE Record Information
Description
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
References 27 Total
- marc.info: HPSBUX02503 vendor-advisory
- securityfocus.com: 36881 vdb-entry
- http://support.apple.com/kb/HT3970
- marc.info: HPSBMU02799 vendor-advisory
- http://support.apple.com/kb/HT3969
- marc.info: HPSBMU02703 vendor-advisory
- security.gentoo.org: GLSA-200911-02 vendor-advisory
- redhat.com: RHSA-2009:1694 vendor-advisory
- oval.cisecurity.org: oval:org.mitre.oval:def:12112 vdb-entrysignature
- oval.cisecurity.org: oval:org.mitre.oval:def:7549 vdb-entrysignature
- lists.apple.com: APPLE-SA-2009-12-03-1 vendor-advisory
- secunia.com: 37231 third-party-advisory
- marc.info: SSRT100019 vendor-advisory
- marc.info: SSRT100242 vendor-advisory
- lists.opensuse.org: SUSE-SA:2009:058 vendor-advisory
- vupen.com: ADV-2009-3131 vdb-entry
- lists.apple.com: APPLE-SA-2009-12-03-2 vendor-advisory
- secunia.com: 37581 third-party-advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
- http://java.sun.com/javase/6/webnotes/6u17.html
- secunia.com: 37841 third-party-advisory
- secunia.com: 37239 third-party-advisory
- oval.cisecurity.org: oval:org.mitre.oval:def:11847 vdb-entrysignature
- oval.cisecurity.org: oval:org.mitre.oval:def:7913 vdb-entrysignature
- mandriva.com: MDVSA-2010:084 vendor-advisory
- secunia.com: 37386 third-party-advisory
- sunsolve.sun.com: 270475 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 27 Total
- marc.info: HPSBUX02503 vendor-advisoryx_transferred
- securityfocus.com: 36881 vdb-entryx_transferred
- http://support.apple.com/kb/HT3970 x_transferred
- marc.info: HPSBMU02799 vendor-advisoryx_transferred
- http://support.apple.com/kb/HT3969 x_transferred
- marc.info: HPSBMU02703 vendor-advisoryx_transferred
- security.gentoo.org: GLSA-200911-02 vendor-advisoryx_transferred
- redhat.com: RHSA-2009:1694 vendor-advisoryx_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:12112 vdb-entrysignaturex_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:7549 vdb-entrysignaturex_transferred
- lists.apple.com: APPLE-SA-2009-12-03-1 vendor-advisoryx_transferred
- secunia.com: 37231 third-party-advisoryx_transferred
- marc.info: SSRT100019 vendor-advisoryx_transferred
- marc.info: SSRT100242 vendor-advisoryx_transferred
- lists.opensuse.org: SUSE-SA:2009:058 vendor-advisoryx_transferred
- vupen.com: ADV-2009-3131 vdb-entryx_transferred
- lists.apple.com: APPLE-SA-2009-12-03-2 vendor-advisoryx_transferred
- secunia.com: 37581 third-party-advisoryx_transferred
- http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html x_transferred
- http://java.sun.com/javase/6/webnotes/6u17.html x_transferred
- secunia.com: 37841 third-party-advisoryx_transferred
- secunia.com: 37239 third-party-advisoryx_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:11847 vdb-entrysignaturex_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:7913 vdb-entrysignaturex_transferred
- mandriva.com: MDVSA-2010:084 vendor-advisoryx_transferred
- secunia.com: 37386 third-party-advisoryx_transferred
- sunsolve.sun.com: 270475 vendor-advisoryx_transferred