Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2764

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-2764
Last Modified 02 Jun 2009 12:00:00
Published 02 Jun 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2764

Summary

Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."

Vulnerable Systems

Application

  • Sun Jre 1.4.0

  • Sun Jre 1.4.0 01

  • Sun Jre 1.4.0 02

  • Sun Jre 1.4.0 03

  • Sun Jre 1.4.0 04

  • Sun Jre 1.4.1

  • Sun Jre 1.4.1 01

  • Sun Jre 1.4.1 02

  • Sun Jre 1.4.1 03

  • Sun Jre 1.4.1 04

  • Sun Jre 1.4.1 05

  • Sun Jre 1.4.1 06

  • Sun Jre 1.4.1 07

  • Sun Jre 1.4.2

  • Sun Jre 1.4.2 01

  • Sun Jre 1.4.2 02

  • Sun Jre 1.4.2 03

  • Sun Jre 1.4.2 04

  • Sun Sdk 1.4.0

  • Sun Sdk 1.4.0 01

  • Sun Sdk 1.4.0 02

  • Sun Sdk 1.4.0 03

  • Sun Sdk 1.4.0 04

  • Sun Sdk 1.4.1

  • Sun Sdk 1.4.1 01

  • Sun Sdk 1.4.1 02

  • Sun Sdk 1.4.1 03

  • Sun Sdk 1.4.1 04

  • Sun Sdk 1.4.1 05

  • Sun Sdk 1.4.1 06

  • Sun Sdk 1.4.1 07

  • Sun Sdk 1.4.2

  • Sun Sdk 1.4.2 01

  • Sun Sdk 1.4.2 02

  • Sun Sdk 1.4.2 03

  • Sun Sdk 1.4.2 04


References

XF - sun-xslt-applet-gain-privileges(16864)

BID - 10844

BUGTRAQ - 20040808 Java XSLT security advisory addendum

OSVDB - 8288

SECTRACK - 1011661

SECUNIA - 12206

HP - SSRT4806

SUNALERT - 57613

HP - HPSBUX01087


Last Updated: 27 May 2016 11:02:28