The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote malicious users to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

| Vulnerable Product |
|---|
| hp java sdk-rte 1.3 |
| sun jdk 1.3.1_02 |
| sun jdk 1.3.1_03 |
| sun jdk 1.3.1_06 |
| sun jdk 1.4.0_02 |
| sun jdk 1.4.0_03 |
| sun jdk 1.4.1 |
| sun jdk 1.4.1_03 |
| sun jdk 1.4.2_03 |
| sun jdk 1.4 |
| sun jre 1.3.0 |
| sun jre 1.3.1 |
| sun jre 1.3.1_02 |
| sun jre 1.3.1_05 |
| sun jre 1.3.1_06 |
| sun jre 1.3.1_09 |
| sun jre 1.4.0_03 |
| sun jre 1.4.1 |
| sun jre 1.4.1_07 |
| sun jre 1.4.2 |
| conectiva linux 10.0 |
| sun jdk 1.3.1_05 |
| sun jdk 1.4.0_4 |
| sun jdk 1.4.1_02 |
| sun jdk 1.4.2_02 |
| sun jdk 1.4.2_05 |
| sun jre 1.3.1_03 |
| sun jre 1.3.1_07 |
| sun jre 1.4.0_02 |
| sun jre 1.4.1_02 |
| symantec enterprise firewall 8.0 |
| sun jdk 1.3.1_01 |
| sun jdk 1.3.1_01a |
| sun jdk 1.3.1_04 |
| sun jdk 1.3.1_07 |
| sun jdk 1.4.0_01 |
| sun jdk 1.4.1_01 |
| sun jdk 1.4.2 |
| sun jdk 1.4.2_01 |
| sun jdk 1.4.2_04 |
| sun jre 1.4.0_04 |
| sun jre 1.4.1_01 |
| sun jre 1.4 |
| hp java sdk-rte 1.4 |
| sun jre 1.4.0_01 |
| hp hp-ux 11.23 |
| hp hp-ux 11.11 |
| hp hp-ux 11.22 |
| gentoo linux |
| hp hp-ux 11.00 |
| symantec gateway security 5400 2.0 |
| symantec gateway security 5400 2.0.1 |