Published: 31/12/2003 Updated: 09/02/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 up to and including 1.4.0_01, (2) JSSE prior to 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 up to and including 1.4.1, and (4) Java Web Start 1.0 up to and including 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote malicious users to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun jsse 1.0.3
sun java web start
oracle jre

CWE-295 http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html http://java.sun.com/products/jsse/CHANGES.txt http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239 http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1 http://www.securityfocus.com/bid/6682 http://secunia.com/advisories/7943 http://www.securitytracker.com/id?1006001 http://securitytracker.com/id?1006007 http://securitytracker.com/id?1007483 https://exchange.xforce.ibmcloud.com/vulnerabilities/11182 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-1229

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect