Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability

A vulnerability in the Java Runtime Environment (JRE) involving object deserialization could be exploited remotely to cause the Java Virtual Machine to become unresponsive, which is a type of Denial-of-Service (DoS). This issue can affect the JRE if an application that runs on it accepts serialized data from an untrusted source.

Sun acknowledges, with thanks, Marc Schoenefeld for bringing this issue to our attention.

Resolution

This issue is addressed in the following releases:
SDK and JRE 1.4.2_06 and later for Windows, Solaris, and Linux

J2SE releases are available for download at:
J2SE 5.0 at http://java.sun.com/j2se/1.5.0/download.jsp
J2SE 1.4.2_06 at http://java.sun.com/j2se/1.4.2/download.html and http://java.com/

Note: It is recommended that affected versions be removed from your system. For more information, please see the installation notes on the respective java.sun.com download pages.
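For applications that must still read serialized data from an untrusted source, the following added example (not part of Sun's advisory) bounds what a stream may contain before any object is built. It uses `java.io.ObjectInputFilter`, which exists only in Java 9 and later, not in the releases named above. It is general hardening rather than the fix for this issue, and the limits and allow-list are constructed values to be tuned per application.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class BoundedDeserialization {
    // Constructed limits: size them to the largest legitimate message.
    // Patterns are evaluated left to right; "!*" rejects every class not listed.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "maxdepth=8;maxrefs=1000;maxarray=4096;maxbytes=65536;"
        + "java.util.ArrayList;java.lang.String;!*");

    static Object readUntrusted(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER); // set before the first readObject()
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample 1: a small list of strings, inside every limit.
        List<String> ok = new ArrayList<>(List.of("a", "b"));
        System.out.println("accepted: " + readUntrusted(serialize(ok)));

        // Constructed sample 2: lists nested 20 deep, beyond maxdepth=8.
        List<Object> nested = new ArrayList<>();
        List<Object> cur = nested;
        for (int i = 0; i < 20; i++) {
            List<Object> next = new ArrayList<>();
            cur.add(next);
            cur = next;
        }
        try {
            readUntrusted(serialize(nested));
        } catch (InvalidClassException e) {
            // The stream is abandoned as soon as a limit is exceeded.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```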

http://classic.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57707&zone_32=category%3A%2Asecurity
