Note: This is an archival copy of Security Sun Alert 201724 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001273.1.
Article ID : 1001273.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-05-21
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Java Secure Socket Extension (JSSE) May Incorrectly Validate Certificates



Category
Security

Release Phase
Resolved

Bug Id
5003433

Date of Resolved Release
17-MAY-2004

Impact

The Java Secure Socket Extension (JSSE) may incorrectly validate the digital certificate chain of a client and/or server (i.e. a web site), thereby falsely authenticating the peer for Secure Sockets Layer/Transport Layer Security (SSL/TLS) communications.


Contributing Factors

This issue can occur in the following releases:

  • JSSE 1.0.3, 1.0.3_01 and 1.0.3_02 for Windows, Solaris and Linux

Note: JSSE 1.0.2 and earlier releases are not affected. The JSSE in SDK and JRE 1.4.x is also not affected.


Symptoms

There are no reliable symptoms that would show the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following release:

  • JSSE 1.0.3_03

JSSE 1.0.3_03 is available at: http://java.sun.com/products/jsse/index-103.html



Modification History

Product
Java Secure Socket Extension 1.0