[Japanese]

JVNDB-2005-000776

Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate

Overview

The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.

If you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.

This issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.

*1 JPCERT/CC coordinated this issue based on the publicly available information.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


BEA Systems, Inc.
  • BEA WebLogic Express 7.0
  • BEA WebLogic Platform 7.0
  • BEA WebLogic Server 7.0
IBM Corporation
  • IBM JCE 1.2.1
  • IBM JDK
  • IBM JRE
Adobe Systems, Inc.
  • Adobe ColdFusion mx 6.0
  • Adobe ColdFusion mx 6.1
  • Adobe ColdFusion mx 7
  • Adobe JRun 3.1 and 4
Infoteria Corporation
  • ASTERIA R2 Flow Builder
  • ASTERIA R2 Server all platform without Linux
Cognos ULC
  • Cognos Metrics Designer
  • Cognos ReportNet
Sun Microsystems, Inc.
  • J2SE 1.2.x and 1.3.x
  • JCE 1.2.1
Cisco Systems, Inc.
  • Cisco WAN Manager (CWM) - 11.0.10
  • Cisco WAN Manager (CWM) - 12.0.00
  • CiscoWorks Host Solution Engine (HSE) - 1.7.3
  • CiscoWorks Wireless LAN Solution Engine (CWWLSE) 1130 SOFTWARE - 2.7
  • CiscoWorks Wireless LAN Solution Engine (CWWLSE) 1105 software - 2.7
Schneider Electric
  • PowerChute (business) v6.1, v6.1.1, v6.1.2
McAfee
  • McAfee IntruShield v1.8, v1.9, v2.1
NEC Corporation
  • ESMPRO/UPSManager ver2.0
  • PowerChute (business) v6.1.x
Hitachi, Ltd
  • Cosminexus Server Web Edition
  • Cosminexus Server Standard Edition
  • Cosminexus Server Enterprise Edition
  • Cosminexus Web Contents Generator 01-02
  • HA8000 Series
FUJITSU
  • Interstage Application Server Enterprise Edition V4.0L10, V4.0L20 (Windows)
  • Interstage Application Server Enterprise Edition V5.0L10, V5.0L10A, V5.0L10B (Windows)
  • Interstage Application Server Standard Edition V4.0L10, V4.0L20 (Windows)
  • Interstage Application Server Standard Edition V5.0L10, V5.0L10A, V5.0L10B (Windows)
  • Interstage Application Server Standard Edition 4.0, 4.1 (Solaris,Linux)
  • Interstage Application Server Standard Edition 5.0, 5.0.1 (Solaris,Linux)
  • PowerChute (business) v6.1.2J
  • PRIMERGY TX200 all in one type
  • PRIMERGY TX150 all in one type

Impact

Problems, such as that a Java application using JCE 1.2.1 does not start, may occur after 6:43 (JST) on July 28, 2005.
Java applications using JCE 1.2.1 may not start after 6:43 (JST, +0900) on July 28, 2005.
Solution

Vendor Information

BEA Systems, Inc. IBM Corporation Adobe Systems, Inc. Infoteria Corporation Cognos ULC
  • COGNOS SOFTWARE SERVICES : jce_notice (Japanese)
Sun Microsystems, Inc.
  • Sun Alert Notification : 201158
Cisco Systems, Inc. Schneider Electric McAfee NEC Corporation
  • NEC Security Information : NV05-024 (Japanese)
Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS05-015
FUJITSU
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#93926203
  2. JPCERT REPORT : JPCERT-WR-2005-2701 (Japanese)
Revision History

  • [2008/05/21]
      Web page published

Date Public2005/07/13
Date First Published2008/05/21
Date Last Updated2008/05/21