CVE-2013-0440

Priority
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through
Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers
to affect availability via vectors related to JSSE. NOTE: the previous
information is from the February 2013 CPU. Oracle has not commented on
claims from another vendor that this issue is related to CPU consumption in
the SSL/TLS implementation via a large number of ClientHello packets that
are not properly handled by (1) ClientHandshaker.java and (2)
ServerHandshaker.java.
Assigned-to
doko
Notes
Package
Upstream:pending (6b24-1.11.6, 6b27-1.12.1)
Package
Upstream:needs-triage
Package
Upstream:pending (7u9-2.3.5)
Package
Upstream:ignored (end of life)
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 21:02:24 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)