7.5

CVE-2003-1229

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleJre Version >= 1.3.0 <= 1.4.1
SunJava Web Start Version >= 1.0 <= 1.2
SunJsse Version1.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.63% 0.905
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html
Broken Link
http://java.sun.com/products/jsse/CHANGES.txt
Vendor Advisory
Broken Link
http://secunia.com/advisories/7943
Patch
Vendor Advisory
Broken Link
http://securitytracker.com/id?1006007
Third Party Advisory
Broken Link
VDB Entry
http://securitytracker.com/id?1007483
Third Party Advisory
Broken Link
VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/6682
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1006001
Third Party Advisory
Broken Link
VDB Entry
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/11182
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883
Broken Link