The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102461 Systems With Sun Java Enterprise System Installed May Hang Due to a Memory Leak in the Network Security Services (NSS) Software

Guest Author
Product: Sun Java Enterprise System 2003Q4, Sun Java Enterprise System 2005Q1, Sun Java Enterprise System 2004Q2

A local or remote unprivileged user may be able to cause systems which have installed the Sun Java Enterprise System (JES) along with the patches listed below in Section 2 to become unresponsive or hang. This is a Denial of Service (DoS) due to a memory leak in the Network Security Services (NSS) software which is used by many of the Sun Java Enterprise System components such as the Sun Java System Application Server, the Sun Java System Web Server, and the Sun Java System Portal Server.

NSS is an open source project which adds support for SSL, S/MIME, and other Internet security standards to the Sun Java Enterprise System. Further information about NSS can be found at http://www.mozilla.org/projects/security/pki/nss/

This issue is also described in CVE-2006-3127 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3127

Avoidance: Workaround, Patch
State: Resolved
First released: 13-Jun-2006

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.