Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2004-1029
Last Modified: 13 Jun 2011 12:00:00
Published: 01 Mar 2005 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2004-1029

Summary

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Gentoo Linux

  • Hp-ux 11.00

  • Hp-ux 11.11

  • Hp-ux 11.22

  • Hp-ux 11.23

Application

  • Hp Java Sdk-rte 1.3

  • Hp Java Sdk-rte 1.4

  • Sun Jdk 1.3.1 01

  • Sun Jdk 1.3.1 01a

  • Sun Jdk 1.3.1 02

  • Sun Jdk 1.3.1 03

  • Sun Jdk 1.3.1 04

  • Sun Jdk 1.3.1 05

  • Sun Jdk 1.3.1 06

  • Sun Jdk 1.3.1 07

  • Sun Jdk 1.4

  • Sun Jdk 1.4.0 01

  • Sun Jdk 1.4.0 02

  • Sun Jdk 1.4.0 03

  • Sun Jdk 1.4.0 4

  • Sun Jdk 1.4.1

  • Sun Jdk 1.4.1 01

  • Sun Jdk 1.4.1 02

  • Sun Jdk 1.4.1 03

  • Sun Jdk 1.4.2

  • Sun Jdk 1.4.2 01

  • Sun Jdk 1.4.2 02

  • Sun Jdk 1.4.2 03

  • Sun Jdk 1.4.2 04

  • Sun Jdk 1.4.2 05

  • Sun Jre 1.3.0

  • Sun Jre 1.3.1

  • Sun Jre 1.3.1 02

  • Sun Jre 1.3.1 03

  • Sun Jre 1.3.1 05

  • Sun Jre 1.3.1 06

  • Sun Jre 1.3.1 07

  • Sun Jre 1.3.1 09

  • Sun Jre 1.4

  • Sun Jre 1.4.0 01

  • Sun Jre 1.4.0 02

  • Sun Jre 1.4.0 03

  • Sun Jre 1.4.0 04

  • Sun Jre 1.4.1

  • Sun Jre 1.4.1 01

  • Sun Jre 1.4.1 02

  • Sun Jre 1.4.1 07

  • Sun Jre 1.4.2

  • Symantec Enterprise Firewall 8.0


References

CERT-VN - VU#760344

BID - 12317

SUNALERT - 57591

SUNALERT - 101523

XF - sdk-jre-applet-restriction-bypass(18188)

VUPEN - ADV-2008-0599

IDEFENSE - 20041122 Sun Java Plugin Arbitrary Package Access Vulnerability

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21257249

SREASON - 61

SECUNIA - 29035

SECUNIA - 13271

CONFIRM - http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html

APPLE - APPLE-SA-2005-02-22

MISC - http://jouko.iki.fi/adv/javaplugin.html


Last Updated: 27 May 2016 10:38:52