VDB
ANCHORE-2004-1029
ANCHORE-2004-1029
PUBLISHED
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| symantec | gateway_security_5400 | 2.0, 2.0.1, 2.0 |
| hp | hp-ux | 11.23, 11.00, 11.00 |
| hp | java_sdk-rte | 1.3, 1.3, 1.4 |
| sun | jre | 1.4.1_02, 1.4.1_07, 1.4.2 |
| sun | jdk | *, *, * |
| conectiva | linux | 10.0, 10.0, 10.0 |
| symantec | enterprise_firewall | 8.0, 8.0, 8.0 |
Timeline
- Nov 24, 2004 CVE Published
- Aug 8, 2024 CVE Updated
References
- http://jouko.iki.fi/adv/javaplugin.html url
- http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html url
- http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html url
- http://secunia.com/advisories/13271 url
- http://secunia.com/advisories/29035 url
- http://securityreason.com/securityalert/61 url
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 url
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 url
- http://www-1.ibm.com/support/docview.wss?uid=swg21257249 url
- http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities url
- http://www.kb.cert.org/vuls/id/760344 url
- http://www.securityfocus.com/bid/12317 url
- http://www.vupen.com/english/advisories/2008/0599 url
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18188 url
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674 url