The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
20 Nov 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://jouko.iki.fi/adv/javaplugin.html - | |
References | () http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html - | |
References | () http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html - | |
References | () http://secunia.com/advisories/13271 - Vendor Advisory | |
References | () http://secunia.com/advisories/29035 - Vendor Advisory | |
References | () http://securityreason.com/securityalert/61 - | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 - Patch, Vendor Advisory | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 - Patch, Vendor Advisory | |
References | () http://www-1.ibm.com/support/docview.wss?uid=swg21257249 - | |
References | () http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities - | |
References | () http://www.kb.cert.org/vuls/id/760344 - US Government Resource | |
References | () http://www.securityfocus.com/bid/12317 - Patch | |
References | () http://www.vupen.com/english/advisories/2008/0599 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/18188 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674 - |
Information
Published : 2005-03-01 05:00
Updated : 2024-11-20 23:49
NVD link : CVE-2004-1029
Mitre link : CVE-2004-1029
CVE.ORG link : CVE-2004-1029
JSON object : View
Products Affected
hp
- java_sdk-rte
- hp-ux
symantec
- gateway_security_5400
- enterprise_firewall
conectiva
- linux
gentoo
- linux
sun
- jre
- jdk
CWE
CWE-264
Permissions, Privileges, and Access Controls