Security Bulletin: Potential security vulnerabilities exist in the IBM Java SDK that is shipped with Tivoli Netcool/OMNIbus Web GUI (CVE-2013-0440, CVE-2013-0443)
IBM PSIRT 270004PFE3 email@example.com | | Tags:  psirtmedium psirttivoli
0 Comments | 671 Visits
The current implementation of the JSSE provider shipped with the JDK allows duplicate handshake messages, which consume considerable resources on the server side. Diffie-Hellman key exchange is known to be vulnerable to weak key attacks. A peer's public key needs to be validated according to section 2.1.5 of RFC 2631.