JVN#93926203
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Overview
The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.
If you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.
This issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.
*1 JPCERT/CC coordinated this issue based on the publicly available information.
Products Affected
- Java applications using Sun's JCE 1.2.1
Description
Impact
Problems, such as that a Java application using JCE 1.2.1 does not start, may occur after 6:43 (JST) on July 28, 2005.
Java applications using JCE 1.2.1 may not start after 6:43 (JST, +0900) on July 28, 2005.
Solution
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Turbolinux, Inc. | Not Vulnerable | 2005/07/13 | |
| Saitoh Kikaku | Not Vulnerable | 2005/09/02 | |
| Nihon F-Secure Corporation | Not Vulnerable | 2005/07/14 | |
| manax Co., LTD. | Vulnerable | 2005/07/14 | |
| NEC Corporation | Vulnerable | 2005/09/05 | |
| YMIRLINK Inc. | Not Vulnerable, investigating | 2005/07/19 | |
| FUJITSU LIMITED | Vulnerable | 2005/10/04 | |
| HDE, Inc. | Not Vulnerable | 2005/07/25 | |
| Orangesoft Inc. | Not Vulnerable | 2005/07/26 | |
| BakBone Software K.K. | Not Vulnerable | 2005/09/02 | |
| Yokogawa Electric Corporation | Not Vulnerable, investigating | 2005/09/07 | |
| Hitachi | Vulnerable | 2005/09/06 | |
| JustSystems Corporation | Not Vulnerable | 2005/09/07 | |
| Cybozu, Inc. | Not Vulnerable | 2005/07/14 | |
| RICOH COMPANY, LTD. | Not Vulnerable | 2005/07/15 | |
| Cisco Systems, Inc. | Vulnerable | 2005/09/08 |
| Vendor | Link |
| IBM |
Need latest build of IBM JCE added to WebSphere Application Server |
| IBM |
http://www-6.ibm.com/jp/domino01/mkt/websphere.nsf/doc/001C002F |
| APC |
http://www.apcc.com/solutions/display.cfm?id=40360141-5056-9170-D3DB0628D7D92F2B&ISOCountryCode=jp |
| Infoteria Corporation |
http://infosupport.infoteria.co.jp/iwebsite/htdocs/work/AS-05052-Updated-20050621.html |
| Macromedia |
http://www.macromedia.com/jp/support/general/ts/documents/gn0039.html |
| Trend Micro Incorporated |
https://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=11525 |
| Cognos ULC |
http://support.cognos.com/ja/support/products/jce_notice.html |
| Sun Microsystems, Inc. |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101796-1&searchclause=101796 |
| MIRACLE LINUX CORPORATION |
http://www.miraclelinux.com/index.html |
| BEA Systems Inc. |
Security Notification: (BEA05-83.00) |
| McAfee Co., Ltd. |
http://www.mcafee.com/japan/announcement/jce121.asp |
References
JPCERT/CC Addendum
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports |
JPCERT-WR-2005-2701 JPCERT/CC REPORT 2005-07-13 |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000776 |