Sun Microsystems recommends updating to SDK and JRE 1.4.2_04 or later releases to correct a "moderately critical" flaw in its Java software that a remote attacker could use to cause a denial-of-service attack.
The Java runtime environment vulnerability "may allow a remote unprivileged user to cause the Java Virtual Machine to become unresponsive," resulting in a DoS attack, the company said in an advisory on its Web site.
The advisory identifies Windows, Solaris and Linux programs that use the SDK and JRE 1.4.2_03 or earlier 1.4.2 releases as those at risk. The advisory said releases prior to 1.4.2 are not affected.
Sun announced the flaw May 6, but provided few details. There is no workaround, upgrading is the only solution.