Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2393

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2393
Last Modified 02 Jun 2010 12:27:05
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2393

Summary

Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.

Vulnerable Systems

Application

  • Sun Jsse 1.0.3

  • Sun Jsse 1.0.3 01

  • Sun Jsse 1.0.3 02


References

XF - sun-jsse-improper-validation(16194)

BID - 10387

OSVDB - 6299

SUNALERT - 57560

SECTRACK - 1010193

SECUNIA - 11639

SUNALERT - 1001273

SUNALERT - 201724


Last Updated: 27 May 2016 10:39:28