Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2003-1229
Last Modified 04 Mar 2009 12:20:04
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1229

Summary

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificates and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Vulnerable Systems


References

XF - sun-java-improper-validation(11182)

BID - 6682

SUNALERT - 50081

SECUNIA - 7943

HP - HPSBUX0301-239

CONFIRM - http://java.sun.com/products/jsse/CHANGES.txt

BUGTRAQ - 20030128 Incorrect Certificate Validation in Java Secure Socket Extension

SECTRACK - 1006001

SECTRACK - 1007483

SECTRACK - 1006007


Last Updated: 27 May 2016 10:38:17