The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2005-03-01 05:00
Updated : 2024-02-28 10:42
NVD link : CVE-2004-1029
Mitre link : CVE-2004-1029
CVE.ORG link : CVE-2004-1029
JSON object : View
Products Affected
conectiva
- linux
symantec
- enterprise_firewall
- gateway_security_5400
sun
- jre
- jdk
gentoo
- linux
hp
- java_sdk-rte
- hp-ux
CWE
CWE-264
Permissions, Privileges, and Access Controls