published date: December 31, 2004

CVE-2004-2216 : Denial of Service Vulnerability

Description

Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.

Product(s):

Sun Java System Application Server 7.0
Sun Java System Application Server 7.0 Platform Edition
Sun Java System Application Server 7.0 Standard Edition
Sun Java System Web Server 6.0
Sun Java System Web Server 6.0 SP1
Sun Java System Web Server 6.0 SP2
Sun Java System Web Server 6.0 SP3
Sun Java System Web Server 6.0 SP4
Sun Java System Web Server 6.0 SP5
Sun Java System Web Server 6.0 SP6
Sun Java System Web Server 6.0 SP7
Sun Java System Web Server 6.1
Sun Java System Web Server 6.1 SP1
Sun Java System Web Server 6.1 SP2
Sun Java System Web Server 6.1 SP3
Sun Java System Web Server 6.1 SP4
Sun Java System Web Server 6.1 SP5
Sun Java System Web Server 6.1 SP6
Sun Java System Web Server 6.1 SP7

CVSS:5 [Critical]
EPSS:0.80%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2004-2216, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2004-2216 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2004-2216

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales