Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0058

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0058
Last Modified 10 Sep 2008 03:11:10
Published 15 Mar 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0058

Summary

Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.

Vulnerable Systems

Application

  • Microsoft Virtual Machine 3802

  • Sun Jdk 1.1.8

  • Sun Jre 1.1.8

  • Sun Jre 1.2.2

  • Sun Jre 1.3.0

  • Sun Sdk 1.1.8 007

  • Sun Sdk 1.2.2 010

  • Sun Sdk 1.2.2 10

  • Sun Sdk 1.3 02


References

MS - MS02-013

BUGTRAQ - 20020305 Java HTTP proxy vulnerability

SUN - 00216


Last Updated: 27 May 2016 10:36:46