Note: This is an archival copy of Security Sun Alert 200654 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000511.1.
4730667, 4732385, 4735737, 4735750
Date of Resolved Release
Java Secure Socket Extension (JSSE) may incorrectly validate the digital certificate ...
The Java Secure Socket Extension (JSSE) may incorrectly validate the digital certificate of a web site. This may result in untrustworthy web sites being authenticated for SSL transactions.
The Java Plug-in and Java Web Start may incorrectly validate the digital certificates of signed JAR files. This may result in untrustworthy code being executed as trusted code.
2. Contributing Factors
This issue can occur in the following releases:
There are no reliable symptoms that would show the described issue has been exploited.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Java Web Start 1.0
This solution has no attachment