users@glassfish.java.net

CVE-2011-3389 and Glassfish 3.1.1

From: <forums_at_java.net>
Date: Thu, 23 Feb 2012 08:40:22 -0600 (CST)

Hello,
I have a question regarding the SSL/TLS vulnerability described at
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389, which was
confirmed for some versions of the JDK (see
www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html [1])
Does Glassfish 3.1.1 use the SSL/TLS implementation of the underlying
JSSE/JDK and is hence affected by this problem when I use one of the affected
JDKs?
Or put another way: Can I assume, that GlassFish is not affected by the
SSL/TLS vulnerability, when I switch to an patched JDK?
Regards
 


[1]
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html 

--
[Message sent by forum member 'meikw']
View Post: http://forums.java.net/node/883733
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.