Description
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.
Product(s):
- Sun JDK 1.4.0_01 for Windows
- Sun JDK 1.4.0_02 for Linux
- Sun JDK 1.4.0_02 for Solaris
- Sun JDK 1.4.0_02 for Windows
- Sun JDK 1.4.0_03 for Linux
- Sun JDK 1.4.0_03 for Solaris
- Sun JDK 1.4.0_03 for Windows
- Sun JDK 1.4.0_4 for Linux
- Sun JDK 1.4.0_4 for Solaris
- Sun JDK 1.4.0_4 for Windows
- Sun JDK 1.4.1 for Linux
- Sun JDK 1.4.1 for Solaris
- Sun JDK 1.4.1 for Windows
- Sun JDK 1.4.1_01 for Linux
- Sun JDK 1.4.1_01 for Solaris
- Sun JDK 1.4.1_01 for Windows
- Sun JDK 1.4.1_02 for Linux
- Sun JDK 1.4.1_02 for Solaris
- Sun JDK 1.4.1_02 for Windows
- Sun JDK 1.4.1_03 for Linux
- Sun JDK 1.4.1_03 for Solaris
- Sun JDK 1.4.1_03 for Windows
- Sun JDK 1.4.2 for Linux
- Sun JDK 1.4.2 for Solaris
- Sun JDK 1.4.2 for Windows
- Sun JDK 1.4.2_01 for Linux
- Sun JDK 1.4.2_02 for Linux
- Sun JDK 1.4.2_03 for Linux
- Sun JDK 1.4.2_03 for Solaris
- Sun JDK 1.4.2_03 for Windows
- Sun JDK 1.4.2_04 for Linux
- Sun JDK 1.4.2_04 for Solaris
- Sun JDK 1.4.2_04 for Windows
- Sun JDK 1.4.2_05 for Linux
- Sun JDK 1.4.2_05 for Solaris
- Sun JDK 1.4.2_05 for Windows
- Sun JDK 1.4 for Linux
- Sun JDK 1.4 for Solaris
- Sun JDK 1.4 for Windows
- Sun JRE 1.4.0_01 for Solaris
- Sun JRE 1.4.0_01 for Windows
- Sun JRE 1.4.0_02 for Linux
- Sun JRE 1.4.0_02 for Solaris
- Sun JRE 1.4.0_02 for Windows
- Sun JRE 1.4.0_03 for Linux
- Sun JRE 1.4.0_03 for Solaris
- Sun JRE 1.4.0_03 for Windows
- Sun JRE 1.4.0_04 for Linux
- Sun JRE 1.4.0_04 for Solaris
- Sun JRE 1.4.0_04 for Windows
- Sun JRE 1.4.1 for Linux
- Sun JRE 1.4.1 for Solaris
- Sun JRE 1.4.1 for Windows
- Sun JRE 1.4.1 Update 3 for Linux
- Sun JRE 1.4.1 Update 3 for Solaris
- Sun JRE 1.4.1 Update 3 for Windows
- Sun JRE 1.4.1_01 for Linux
- Sun JRE 1.4.1_01 for Solaris
- Sun JRE 1.4.1_01 for Windows
- Sun JRE 1.4.1_02 for Linux
- Sun JRE 1.4.1_02 for Solaris
- Sun JRE 1.4.1_02 for Windows
- Sun JRE 1.4.1_07 for Windows
- Sun JRE 1.4.2 for Linux
- Sun JRE 1.4.2 for Solaris
- Sun JRE 1.4.2 for Windows
- Sun JRE 1.4.2 Update 1 for Linux
- Sun JRE 1.4.2 Update 1 for Solaris
- Sun JRE 1.4.2 Update 1 for Windows
- Sun JRE 1.4.2 Update 2 for Linux
- Sun JRE 1.4.2 Update 2 for Solaris
- Sun JRE 1.4.2 Update 2 for Windows
- Sun JRE 1.4.2 Update 3 for Linux
- Sun JRE 1.4.2 Update 3 for Solaris
- Sun JRE 1.4.2 Update 3 for Windows
- Sun JRE 1.4.2 Update 4 for Linux
- Sun JRE 1.4.2 Update 4 for Solaris
- Sun JRE 1.4.2 Update 4 for Windows
- Sun JRE 1.4.2 Update 5 for Linux
- Sun JRE 1.4.2 Update 5 for Solaris
- Sun JRE 1.4.2 Update 5 for Windows
- Sun JRE 1.4 for Linux
- Sun JRE 1.4 for Solaris
- Sun JRE 1.4 for Windows
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2540, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2540 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.