CVE Vulnerabilities

CVE-2003-1229

Improper Certificate Validation

Published: Dec 31, 2003 | Modified: Sep 13, 2022
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificates and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Weakness

The software does not validate, or incorrectly validates, a certificate.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jre | Sun | 1.4.0_02 | 1.4.0_02 |
| Jre | Sun | 1.3.1_03 | 1.3.1_03 |
| Jdk | Sun | 1.4.0_02 | 1.4.0_02 |
| Java_web_start | Sun | 1.0 | 1.0 |
| Jdk | Sun | 1.3.1_01 | 1.3.1_01 |
| Jdk | Sun | 1.3.0_05 | 1.3.0_05 |
| Jre | Sun | 1.4.1 | 1.4.1 |
| Jdk | Sun | 1.3.0_02 | 1.3.0_02 |
| Jdk | Sun | 1.3.1_03 | 1.3.1_03 |
| Jdk | Sun | 1.4 | 1.4 |
| Jre | Sun | 1.4 | 1.4 |
| Jdk | Sun | 1.3.1_05 | 1.3.1_05 |
| Jre | Sun | 1.3.1_05 | 1.3.1_05 |
| Jdk | Sun | 1.4.1 | 1.4.1 |
| Jre | Sun | 1.3.1 | 1.3.1 |
| Jre | Sun | 1.3.0 | 1.3.0 |
| Java_web_start | Sun | 1.2 | 1.2 |
| Jdk | Sun | 1.3_05 | 1.3_05 |
| Jdk | Sun | 1.3.1_01a | 1.3.1_01a |
| Jdk | Sun | 1.3_02 | 1.3_02 |
| Java_web_start | Sun | 1.0.1_02 | 1.0.1_02 |
| Jsse | Sun | 1.0.3 | 1.0.3 |
| Jdk | Sun | 1.3 | 1.3 |
| Java_web_start | Sun | 1.0.1 | 1.0.1 |
| Java_web_start | Sun | 1.0.1_01 | 1.0.1_01 |
