7.5

CVE-2003-1229

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleJre Version >= 1.3.0 <= 1.4.1
SunJava Web Start Version >= 1.0 <= 1.2
SunJsse Version1.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.29% 0.789
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://secunia.com/advisories/7943
Patch
Vendor Advisory
Broken Link
http://securitytracker.com/id?1006007
Third Party Advisory
Broken Link
VDB Entry
http://securitytracker.com/id?1007483
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/6682
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1006001
Third Party Advisory
Broken Link
VDB Entry