Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0896

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0896
Last Modified 07 Mar 2011 09:13:14
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0896

Summary

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.

Vulnerable Systems

Application

  • Sun Jre 1.4.1


References

SUNALERT - 200356

SUNALERT - 57221

BUGTRAQ - 20021023 [LSD] Security vulnerability in SUN's Java Virtual Machine implementation

MISC - http://lsd-pl.net/code/JVM/jre.tar.gz

BID - 8879

BUGTRAQ - 20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machineimplementation

BUGTRAQ - 20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation

HP - HPSBUX0311-295


Last Updated: 27 May 2016 10:38:06