CVE-2004-1029

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
References
Link Resource
http://jouko.iki.fi/adv/javaplugin.html
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
http://secunia.com/advisories/13271 Vendor Advisory
http://secunia.com/advisories/29035 Vendor Advisory
http://securityreason.com/securityalert/61
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21257249
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
http://www.kb.cert.org/vuls/id/760344 US Government Resource
http://www.securityfocus.com/bid/12317 Patch
http://www.vupen.com/english/advisories/2008/0599 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
Configurations

Configuration 1

OR cpe:2.3:a:hp:java_sdk-rte:1.3:*:hp-ux_pa-risc:*:*:*:*:*
cpe:2.3:a:hp:java_sdk-rte:1.4:*:hp-ux_pa-risc:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_01:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_01:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_01a:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_02:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_02:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_02:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_03:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_03:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_03:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_04:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_05:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_05:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_05:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_06:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_06:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_06:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_07:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_07:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.3.1_07:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_01:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_02:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_02:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_02:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_03:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_03:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_03:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_4:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_4:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.0_4:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_01:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_01:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_01:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_02:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_02:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_02:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_03:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_03:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.1_03:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_01:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_02:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_03:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_03:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_03:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_04:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_04:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_04:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_05:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_05:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.4.2_05:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update1:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update2:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update2:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update2:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update3:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update4:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update4:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update5:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update5:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update5:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update1:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update1:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update1:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update1a:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update4:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update4:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update8:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update8:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update8:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_02:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_02:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_02:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_03:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_03:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_03:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_05:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_05:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_05:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_06:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_06:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_06:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_07:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_07:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_07:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_09:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_09:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_09:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_01:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_01:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_02:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_02:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_02:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_03:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_03:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_03:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_04:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_04:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.0_04:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1:update3:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1:update3:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1:update3:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1_01:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1_01:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1_01:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1_02:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1_02:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1_02:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.1_07:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:*:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:*:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:*:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update1:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update1:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update1:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update2:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update2:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update2:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update3:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update3:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update3:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update4:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update4:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update4:windows:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update5:linux:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update5:solaris:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:update5:windows:*:*:*:*:*
cpe:2.3:a:symantec:enterprise_firewall:8.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:enterprise_firewall:8.0:*:solaris:*:*:*:*:*
cpe:2.3:a:symantec:enterprise_firewall:8.0:*:windows_2000_nt:*:*:*:*:*
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*

Configuration 3

OR cpe:2.3:h:symantec:gateway_security_5400:2.0:*:*:*:*:*:*:*
cpe:2.3:h:symantec:gateway_security_5400:2.0.1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:49

Type Values Removed Values Added
References () http://jouko.iki.fi/adv/javaplugin.html - () http://jouko.iki.fi/adv/javaplugin.html -
References () http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html - () http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html -
References () http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html - () http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html -
References () http://secunia.com/advisories/13271 - Vendor Advisory () http://secunia.com/advisories/13271 - Vendor Advisory
References () http://secunia.com/advisories/29035 - Vendor Advisory () http://secunia.com/advisories/29035 - Vendor Advisory
References () http://securityreason.com/securityalert/61 - () http://securityreason.com/securityalert/61 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 - Patch, Vendor Advisory () http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 - Patch, Vendor Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 - Patch, Vendor Advisory () http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 - Patch, Vendor Advisory
References () http://www-1.ibm.com/support/docview.wss?uid=swg21257249 - () http://www-1.ibm.com/support/docview.wss?uid=swg21257249 -
References () http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities - () http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities -
References () http://www.kb.cert.org/vuls/id/760344 - US Government Resource () http://www.kb.cert.org/vuls/id/760344 - US Government Resource
References () http://www.securityfocus.com/bid/12317 - Patch () http://www.securityfocus.com/bid/12317 - Patch
References () http://www.vupen.com/english/advisories/2008/0599 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/0599 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/18188 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/18188 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674 -

Information

Published : 2005-03-01 05:00

Updated : 2024-11-20 23:49


NVD link : CVE-2004-1029

Mitre link : CVE-2004-1029

CVE.ORG link : CVE-2004-1029



Products Affected

hp

  • java_sdk-rte
  • hp-ux

symantec

  • gateway_security_5400
  • enterprise_firewall

conectiva

  • linux

gentoo

  • linux

sun

  • jre
  • jdk
CWE
CWE-264

Permissions, Privileges, and Access Controls