Note: This is an archival copy of Security Sun Alert 201724 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001273.1.
Date of Resolved Release
The Java Secure Socket Extension (JSSE) may incorrectly validate the digital certificate chain of a client and/or server (i.e. web site), thereby falsely authenticating the peer for Secure Socket Layer/Transport Layer Security (SSL/TLS) communications.
This issue can occur in the following releases:
Note: JSSE 1.0.2 and earlier releases are not affected. JSSE in SDK and JRE 1.4.x are also not affected.
There are no reliable symptoms that would show the described issue has been exploited.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following release:
JSSE 1.0.3_03 is available at: http://java.sun.com/products/jsse/index-103.html
Java Secure Socket Extension 1.0