CVE Vulnerabilities

CVE-2003-0896

Published: Nov 17, 2003 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains / (slash) instead of . (dot) characters, which bypasses a call to the Security Manager’s checkPackageAccess method.

Affected Software

Name Vendor Start Version End Version
Jre Sun * 1.4.1

References