The X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 up to and including 1.4.0_01, (2) JSSE prior to 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 up to and including 1.4.1, and (4) Java Web Start 1.0 up to and including 1.2 incorrectly calls the isClientTrusted method when determining server trust. This results in improper validation of digital certificates and allows remote malicious users to (1) falsely authenticate peers for SSL or (2) cause signed JAR files to be incorrectly validated.

Vulnerable Product |
---|
sun jsse 1.0.3 |
sun java web start |
oracle jre |