This is a
candidate for inclusion in
the CVE list, which standardizes names for security
problems. It must be reviewed and accepted by the
CVE Editorial Board
before it can be added into CVE. Therefore, this candidate may be
modified or even rejected in the future.
Name |
CVE-2004-1029 (under review) |
Status |
Candidate |
Description |
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE)
1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly
restrict access between Javascript and Java applets during data
transfer, which allows remote attackers to load unsafe classes and
execute arbitrary code.
|
References |
- IDEFENSE:20041122 Sun Java Plugin Arbitrary Package Access Vulnerability
- URL:http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
- CONFIRM:http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
- APPLE:APPLE-SA-2005-02-22
- URL:http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
- SUNALERT:57591
- URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
- SUNALERT:101523
- URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
- CERT-VN:VU#760344
- URL:http://www.kb.cert.org/vuls/id/760344
- SECUNIA:13271
- URL:http://secunia.com/advisories/13271
- XF:sdk-jre-applet-restriction-bypass(18188)
- URL:http://xforce.iss.net/xforce/xfdb/18188
|
Phase |
Assigned (20041112) |
Votes |
|
Comments |
|
Note: References
are provided for the convenience of the reader to
help distinguish between vulnerabilities. The list of references is
not intended to be complete.
Candidate assigned on 20041112 and proposed on N/A
You can also search by reference using
reference maps.
Home to cve.mitre.org
For more information, please contact cve@mitre.org.