Oracle Java before version 1.6u29
Upgrade to Oracle Java 1.6u29.
In Java, it is possible to create low-level system UDP sockets using the java.net.Socket API. These sockets can be bound to arbitrary ports. Furthermore, by using the Java Applet API, attackers can create Java code that is triggered when a victim visits their web page. Together with the fact that Java fails to restrict the number of concurrent sockets, this enables attackers to conduct a DNS poisoning attack on the visiting machine using the port exhaustion technique mentioned in the paper.
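On a host, the port exhaustion condition described above shows up as a single process holding most of the ephemeral UDP port range. The following detection sketch is an added example, not part of the original advisory. It assumes socket-table lines shaped like `ss -H -uanp` output and a Linux-default ephemeral range; the threshold and the sample rows are constructed.

```python
import re
from collections import defaultdict

# Assumed ephemeral range (Linux default 32768-60999); adjust for the host.
EPHEMERAL = range(32768, 61000)
# Constructed threshold: flag a process holding more than this share of the range.
THRESHOLD = 0.5

# Assumed line shape: State Recv-Q Send-Q Local:Port Peer:Port users:(("name",pid=N,fd=M))
LINE_RE = re.compile(
    r'^\S+\s+\d+\s+\d+\s+(?P<local>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+),'
)

def udp_ports_by_process(lines):
    """Map (name, pid) -> set of ephemeral UDP ports that process has bound."""
    held = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank line, or socket with no owning process shown
        port = int(m.group("port"))
        if port in EPHEMERAL:
            held[(m.group("name"), int(m.group("pid")))].add(port)
    return held

def flag_exhaustion(lines, threshold=THRESHOLD):
    """Return [(name, pid, share)] for processes above the threshold, largest first."""
    total = len(EPHEMERAL)
    hits = [(name, pid, len(ports) / total)
            for (name, pid), ports in udp_ports_by_process(lines).items()
            if len(ports) / total > threshold]
    return sorted(hits, key=lambda h: h[2], reverse=True)

def sample_table():
    """Constructed sample: a resolver, a browser, and a JVM holding most of the range."""
    rows = ['UNCONN 0 0 127.0.0.53:53 0.0.0.0:* users:(("systemd-resolve",pid=410,fd=13))',
            'UNCONN 0 0 0.0.0.0:41234 0.0.0.0:* users:(("firefox",pid=2201,fd=88))']
    rows += [f'UNCONN 0 0 0.0.0.0:{p} 0.0.0.0:* users:(("java",pid=3307,fd={i + 4}))'
             for i, p in enumerate(range(32768, 60000))]
    return rows

if __name__ == "__main__":
    for name, pid, share in flag_exhaustion(sample_table()):
        print(f"{name} (pid {pid}) holds {share:.0%} of the ephemeral UDP range")
```

A process that legitimately opens many UDP sockets will also trip this check, so tune the threshold against a baseline for the host.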