Published:2005/07/13  Last Updated:2008/05/21

JVN#93926203
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate

Overview

The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.

If you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.

This issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.

*1 JPCERT/CC coordinated this issue based on the publicly available information.

Products Affected

  • Java applications using Sun's JCE 1.2.1

Description

Impact

Problems, such as that a Java application using JCE 1.2.1 does not start, may occur after 6:43 (JST) on July 28, 2005.
Java applications using JCE 1.2.1 may not start after 6:43 (JST, +0900) on July 28, 2005.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
Turbolinux, Inc. Not Vulnerable 2005/07/13
Saitoh Kikaku Not Vulnerable 2005/09/02
Nihon F-Secure Corporation Not Vulnerable 2005/07/14
manax Co., LTD. Vulnerable 2005/07/14
NEC Corporation Vulnerable 2005/09/05
YMIRLINK Inc. Not Vulnerable, investigating 2005/07/19
FUJITSU LIMITED Vulnerable 2005/10/04
HDE, Inc. Not Vulnerable 2005/07/25
Orangesoft Inc. Not Vulnerable 2005/07/26
BakBone Software K.K. Not Vulnerable 2005/09/02
Yokogawa Electric Corporation Not Vulnerable, investigating 2005/09/07
Hitachi Vulnerable 2005/09/06
JustSystems Corporation Not Vulnerable 2005/09/07
Cybozu, Inc. Not Vulnerable 2005/07/14
RICOH COMPANY, LTD. Not Vulnerable 2005/07/15
Cisco Systems, Inc. Vulnerable 2005/09/08

References

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports JPCERT-WR-2005-2701 JPCERT/CC REPORT 2005-07-13
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000776

Update History