- Sun Alert ID: 101523 (formerly 57591)
- Synopsis: Security Vulnerability With Java Plug-in in JRE/SDK
- Category: Security
- Product: Java 2 Platform, Standard Edition 1.4.2, SunTea v3.55, Java 2 Platform, Standard Edition 1.4.1
- BugIDs: 5045568
- Avoidance: Upgrade
- State: Resolved
- Date Released: 22-Nov-2004
- Date Closed: 22-Nov-2004
- Date Modified: 06-Jan-2005, 01-Dec-2004
Sun acknowledges, with thanks, Jouko Pynnonen for bringing this issue to our attention, and iDEFENSE Inc. for coordinating the release of this issue.
This issue is described in the following document: CVE CAN-2004-1029 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1029.
2. Contributing Factors
This issue can occur in the following releases:
- SDK and JRE 1.4.2_05 and earlier, all 1.4.1 and 1.4.0 releases, and 1.3.1_12 and earlier
on the following platforms:
Note: JDK and JRE 5.0 are not affected by this issue.
To determine the version of Java on a system, the following command can be run:
% java -fullversion java full version "1.4.1_06-b01"
There are no reliable symptoms that would indicate the described issue has been exploited.
This issue is addressed in the following releases:
- SDK and JRE 1.4.2_06 and later
- SDK and JRE 1.3.1_13 and later
for the following platforms:
J2SE releases are available for download at http://java.sun.com/j2se/, at the following links:
- J2SE 5.0 http://java.sun.com/j2se/1.5.0/download.jsp
- J2SE 1.4.2_06 http://java.sun.com/j2se/1.4.2/download.html
- J2SE 1.3.1_14 http://java.sun.com/j2se/1.3/download.html
Note: It is recommended that affected versions be removed from your system. For more information, please see the installation notes on the respective java.sun.com download pages.
- Add additional "Note" to Resolution section
- New links added for J2SE download locations in "Resolution" section
Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.