CVE Vulnerabilities

CVE-2009-3875

Published: Nov 05, 2009 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to timing attack vulnerabilities, aka Bug Id 6863503.

Affected Software

Name Vendor Start Version End Version
Jdk Sun 1.5.0-update1 (including) 1.5.0-update1 (including)
Jdk Sun 1.5.0-update10 (including) 1.5.0-update10 (including)
Jdk Sun 1.5.0-update11 (including) 1.5.0-update11 (including)
Jdk Sun 1.5.0-update11_b03 (including) 1.5.0-update11_b03 (including)
Jdk Sun 1.5.0-update12 (including) 1.5.0-update12 (including)
Jdk Sun 1.5.0-update13 (including) 1.5.0-update13 (including)
Jdk Sun 1.5.0-update14 (including) 1.5.0-update14 (including)
Jdk Sun 1.5.0-update15 (including) 1.5.0-update15 (including)
Jdk Sun 1.5.0-update16 (including) 1.5.0-update16 (including)
Jdk Sun 1.5.0-update17 (including) 1.5.0-update17 (including)
Jdk Sun 1.5.0-update18 (including) 1.5.0-update18 (including)
Jdk Sun 1.5.0-update19 (including) 1.5.0-update19 (including)
Jdk Sun 1.5.0-update2 (including) 1.5.0-update2 (including)
Jdk Sun 1.5.0-update20 (including) 1.5.0-update20 (including)
Jdk Sun 1.5.0-update21 (including) 1.5.0-update21 (including)
Jdk Sun 1.5.0-update3 (including) 1.5.0-update3 (including)
Jdk Sun 1.5.0-update4 (including) 1.5.0-update4 (including)
Jdk Sun 1.5.0-update5 (including) 1.5.0-update5 (including)
Jdk Sun 1.5.0-update6 (including) 1.5.0-update6 (including)
Jdk Sun 1.5.0-update7 (including) 1.5.0-update7 (including)
Jdk Sun 1.5.0-update7_b03 (including) 1.5.0-update7_b03 (including)
Jdk Sun 1.5.0-update8 (including) 1.5.0-update8 (including)
Jdk Sun 1.5.0-update9 (including) 1.5.0-update9 (including)
Jdk Sun 1.6.0-update1 (including) 1.6.0-update1 (including)
Jdk Sun 1.6.0-update10 (including) 1.6.0-update10 (including)
Jdk Sun 1.6.0-update11 (including) 1.6.0-update11 (including)
Jdk Sun 1.6.0-update12 (including) 1.6.0-update12 (including)
Jdk Sun 1.6.0-update13 (including) 1.6.0-update13 (including)
Jdk Sun 1.6.0-update14 (including) 1.6.0-update14 (including)
Jdk Sun 1.6.0-update15 (including) 1.6.0-update15 (including)
Jdk Sun 1.6.0-update16 (including) 1.6.0-update16 (including)
Jdk Sun 1.6.0-update2 (including) 1.6.0-update2 (including)
Jdk Sun 1.6.0-update3 (including) 1.6.0-update3 (including)
Jdk Sun 1.6.0-update4 (including) 1.6.0-update4 (including)
Jdk Sun 1.6.0-update5 (including) 1.6.0-update5 (including)
Jdk Sun 1.6.0-update6 (including) 1.6.0-update6 (including)
Jdk Sun 1.6.0-update7 (including) 1.6.0-update7 (including)
Jdk Sun 1.6.0-update8 (including) 1.6.0-update8 (including)
Jdk Sun 1.6.0-update9 (including) 1.6.0-update9 (including)
Jre Sun 1.4.2_1 (including) 1.4.2_1 (including)
Jre Sun 1.4.2_2 (including) 1.4.2_2 (including)
Jre Sun 1.4.2_02 (including) 1.4.2_02 (including)
Jre Sun 1.4.2_03 (including) 1.4.2_03 (including)
Jre Sun 1.4.2_3 (including) 1.4.2_3 (including)
Jre Sun 1.4.2_4 (including) 1.4.2_4 (including)
Jre Sun 1.4.2_04 (including) 1.4.2_04 (including)
Jre Sun 1.4.2_05 (including) 1.4.2_05 (including)
Jre Sun 1.4.2_5 (including) 1.4.2_5 (including)
Jre Sun 1.4.2_06 (including) 1.4.2_06 (including)
Jre Sun 1.4.2_6 (including) 1.4.2_6 (including)
Jre Sun 1.4.2_7 (including) 1.4.2_7 (including)
Jre Sun 1.4.2_07 (including) 1.4.2_07 (including)
Jre Sun 1.4.2_8 (including) 1.4.2_8 (including)
Jre Sun 1.4.2_08 (including) 1.4.2_08 (including)
Jre Sun 1.4.2_09 (including) 1.4.2_09 (including)
Jre Sun 1.4.2_9 (including) 1.4.2_9 (including)
Jre Sun 1.4.2_10 (including) 1.4.2_10 (including)
Jre Sun 1.4.2_11 (including) 1.4.2_11 (including)
Jre Sun 1.4.2_12 (including) 1.4.2_12 (including)
Jre Sun 1.4.2_13 (including) 1.4.2_13 (including)
Jre Sun 1.4.2_14 (including) 1.4.2_14 (including)
Jre Sun 1.4.2_15 (including) 1.4.2_15 (including)
Jre Sun 1.4.2_16 (including) 1.4.2_16 (including)
Jre Sun 1.4.2_17 (including) 1.4.2_17 (including)
Jre Sun 1.4.2_18 (including) 1.4.2_18 (including)
Jre Sun 1.4.2_19 (including) 1.4.2_19 (including)
Jre Sun 1.4.2_20 (including) 1.4.2_20 (including)
Jre Sun 1.4.2_21 (including) 1.4.2_21 (including)
Jre Sun 1.4.2_22 (including) 1.4.2_22 (including)
Jre Sun 1.4.2_23 (including) 1.4.2_23 (including)
Jre Sun 1.5.0-update1 (including) 1.5.0-update1 (including)
Jre Sun 1.5.0-update10 (including) 1.5.0-update10 (including)
Jre Sun 1.5.0-update11 (including) 1.5.0-update11 (including)
Jre Sun 1.5.0-update12 (including) 1.5.0-update12 (including)
Jre Sun 1.5.0-update13 (including) 1.5.0-update13 (including)
Jre Sun 1.5.0-update14 (including) 1.5.0-update14 (including)
Jre Sun 1.5.0-update15 (including) 1.5.0-update15 (including)
Jre Sun 1.5.0-update16 (including) 1.5.0-update16 (including)
Jre Sun 1.5.0-update17 (including) 1.5.0-update17 (including)
Jre Sun 1.5.0-update18 (including) 1.5.0-update18 (including)
Jre Sun 1.5.0-update19 (including) 1.5.0-update19 (including)
Jre Sun 1.5.0-update2 (including) 1.5.0-update2 (including)
Jre Sun 1.5.0-update20 (including) 1.5.0-update20 (including)
Jre Sun 1.5.0-update21 (including) 1.5.0-update21 (including)
Jre Sun 1.5.0-update3 (including) 1.5.0-update3 (including)
Jre Sun 1.5.0-update4 (including) 1.5.0-update4 (including)
Jre Sun 1.5.0-update5 (including) 1.5.0-update5 (including)
Jre Sun 1.5.0-update6 (including) 1.5.0-update6 (including)
Jre Sun 1.5.0-update7 (including) 1.5.0-update7 (including)
Jre Sun 1.5.0-update8 (including) 1.5.0-update8 (including)
Jre Sun 1.5.0-update9 (including) 1.5.0-update9 (including)
Jre Sun 1.6.0-update_1 (including) 1.6.0-update_1 (including)
Jre Sun 1.6.0-update_2 (including) 1.6.0-update_2 (including)
Jre Sun 1.6.0-update_3 (including) 1.6.0-update_3 (including)
Jre Sun 1.6.0-update10 (including) 1.6.0-update10 (including)
Jre Sun 1.6.0-update11 (including) 1.6.0-update11 (including)
Jre Sun 1.6.0-update12 (including) 1.6.0-update12 (including)
Jre Sun 1.6.0-update13 (including) 1.6.0-update13 (including)
Jre Sun 1.6.0-update14 (including) 1.6.0-update14 (including)
Jre Sun 1.6.0-update15 (including) 1.6.0-update15 (including)
Jre Sun 1.6.0-update16 (including) 1.6.0-update16 (including)
Jre Sun 1.6.0-update4 (including) 1.6.0-update4 (including)
Jre Sun 1.6.0-update5 (including) 1.6.0-update5 (including)
Jre Sun 1.6.0-update6 (including) 1.6.0-update6 (including)
Jre Sun 1.6.0-update7 (including) 1.6.0-update7 (including)
Jre Sun 1.6.0-update8 (including) 1.6.0-update8 (including)
Jre Sun 1.6.0-update9 (including) 1.6.0-update9 (including)
Sdk Sun 1.4.2_01 (including) 1.4.2_01 (including)
Sdk Sun 1.4.2_1 (including) 1.4.2_1 (including)
Sdk Sun 1.4.2_2 (including) 1.4.2_2 (including)
Sdk Sun 1.4.2_02 (including) 1.4.2_02 (including)
Sdk Sun 1.4.2_03 (including) 1.4.2_03 (including)
Sdk Sun 1.4.2_3 (including) 1.4.2_3 (including)
Sdk Sun 1.4.2_04 (including) 1.4.2_04 (including)
Sdk Sun 1.4.2_4 (including) 1.4.2_4 (including)
Sdk Sun 1.4.2_5 (including) 1.4.2_5 (including)
Sdk Sun 1.4.2_05 (including) 1.4.2_05 (including)
Sdk Sun 1.4.2_6 (including) 1.4.2_6 (including)
Sdk Sun 1.4.2_06 (including) 1.4.2_06 (including)
Sdk Sun 1.4.2_07 (including) 1.4.2_07 (including)
Sdk Sun 1.4.2_7 (including) 1.4.2_7 (including)
Sdk Sun 1.4.2_8 (including) 1.4.2_8 (including)
Sdk Sun 1.4.2_08 (including) 1.4.2_08 (including)
Sdk Sun 1.4.2_09 (including) 1.4.2_09 (including)
Sdk Sun 1.4.2_9 (including) 1.4.2_9 (including)
Sdk Sun 1.4.2_10 (including) 1.4.2_10 (including)
Sdk Sun 1.4.2_11 (including) 1.4.2_11 (including)
Sdk Sun 1.4.2_12 (including) 1.4.2_12 (including)
Sdk Sun 1.4.2_13 (including) 1.4.2_13 (including)
Sdk Sun 1.4.2_14 (including) 1.4.2_14 (including)
Sdk Sun 1.4.2_15 (including) 1.4.2_15 (including)
Sdk Sun 1.4.2_16 (including) 1.4.2_16 (including)
Sdk Sun 1.4.2_17 (including) 1.4.2_17 (including)
Sdk Sun 1.4.2_18 (including) 1.4.2_18 (including)
Sdk Sun 1.4.2_19 (including) 1.4.2_19 (including)
Sdk Sun 1.4.2_20 (including) 1.4.2_20 (including)
Sdk Sun 1.4.2_21 (including) 1.4.2_21 (including)
Sdk Sun 1.4.2_22 (including) 1.4.2_22 (including)
Sdk Sun 1.4.2_23 (including) 1.4.2_23 (including)
Extras for RHEL 3 RedHat java-1.4.2-ibm-0:1.4.2.13.3-1jpp.1.el3 *
Extras for RHEL 4 RedHat java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4 *
Extras for RHEL 4 RedHat java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4 *
Extras for RHEL 4 RedHat java-1.4.2-ibm-0:1.4.2.13.3-1jpp.1.el4 *
Extras for RHEL 4 RedHat java-1.5.0-ibm-1:1.5.0.11-1jpp.1.el4 *
Extras for RHEL 4 RedHat java-1.6.0-ibm-1:1.6.0.7-1jpp.3.el4 *
Red Hat Enterprise Linux 5 RedHat java-1.6.0-openjdk-1:1.6.0.0-1.7.b09.el5 *
Red Hat Network Satellite Server v 5.3 RedHat java-1.6.0-ibm-1:1.6.0.7-1jpp.3.el4 *
RHEL 4 for SAP RedHat java-1.4.2-ibm-0:1.4.2.13.4.sap-1jpp.1.el4_8 *
RHEL 5 for SAP RedHat java-1.4.2-ibm-0:1.4.2.13.4.sap-1jpp.1.el5 *
Supplementary for Red Hat Enterprise Linux 5 RedHat java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5 *
Supplementary for Red Hat Enterprise Linux 5 RedHat java-1.5.0-sun-0:1.5.0.22-1jpp.1.el5 *
Supplementary for Red Hat Enterprise Linux 5 RedHat java-1.4.2-ibm-0:1.4.2.13.3-1jpp.1.el5 *
Supplementary for Red Hat Enterprise Linux 5 RedHat java-1.5.0-ibm-1:1.5.0.11-1jpp.1.el5 *
Supplementary for Red Hat Enterprise Linux 5 RedHat java-1.6.0-ibm-1:1.6.0.7-1jpp.2.el5 *
Openjdk-6 Ubuntu hardy *
Openjdk-6 Ubuntu intrepid *
Openjdk-6 Ubuntu jaunty *
Openjdk-6 Ubuntu karmic *
Openjdk-6 Ubuntu upstream *
Sun-java5 Ubuntu dapper *
Sun-java5 Ubuntu intrepid *
Sun-java5 Ubuntu jaunty *
Sun-java5 Ubuntu upstream *
Sun-java6 Ubuntu hardy *
Sun-java6 Ubuntu intrepid *
Sun-java6 Ubuntu jaunty *
Sun-java6 Ubuntu karmic *
Sun-java6 Ubuntu lucid *
Sun-java6 Ubuntu upstream *

References