CVE Vulnerabilities

CVE-2003-1229

Published: Dec 31, 2003 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Affected Software

Name Vendor Start Version End Version
Java_web_start Sun 1.0 1.0
Java_web_start Sun 1.0.1 1.0.1
Java_web_start Sun 1.0.1_01 1.0.1_01
Java_web_start Sun 1.0.1_02 1.0.1_02
Java_web_start Sun 1.2 1.2
Jdk Sun 1.3 1.3
Jdk Sun 1.3.0_02 1.3.0_02
Jdk Sun 1.3.0_02 1.3.0_02
Jdk Sun 1.3.0_05 1.3.0_05
Jdk Sun 1.3.0_05 1.3.0_05
Jdk Sun 1.3.1_01 1.3.1_01
Jdk Sun 1.3.1_01 1.3.1_01
Jdk Sun 1.3.1_01a 1.3.1_01a
Jdk Sun 1.3.1_03 1.3.1_03
Jdk Sun 1.3.1_03 1.3.1_03
Jdk Sun 1.3.1_03 1.3.1_03
Jdk Sun 1.3.1_05 1.3.1_05
Jdk Sun 1.3.1_05 1.3.1_05
Jdk Sun 1.3.1_05 1.3.1_05
Jdk Sun 1.3_02 1.3_02
Jdk Sun 1.3_05 1.3_05
Jdk Sun 1.4 1.4
Jdk Sun 1.4 1.4
Jdk Sun 1.4 1.4
Jdk Sun 1.4.0_02 1.4.0_02
Jdk Sun 1.4.0_02 1.4.0_02
Jdk Sun 1.4.0_02 1.4.0_02
Jdk Sun 1.4.1 1.4.1
Jdk Sun 1.4.1 1.4.1
Jdk Sun 1.4.1 1.4.1
Jre Sun 1.3.0 1.3.0
Jre Sun 1.3.0 1.3.0
Jre Sun 1.3.0 1.3.0
Jre Sun 1.3.0 1.3.0
Jre Sun 1.3.0 1.3.0
Jre Sun 1.3.0 1.3.0
Jre Sun 1.3.0 1.3.0
Jre Sun 1.3.0 1.3.0
Jre Sun 1.3.0 1.3.0
Jre Sun 1.3.1 1.3.1
Jre Sun 1.3.1 1.3.1
Jre Sun 1.3.1 1.3.1
Jre Sun 1.3.1 1.3.1
Jre Sun 1.3.1_03 1.3.1_03
Jre Sun 1.3.1_03 1.3.1_03
Jre Sun 1.3.1_03 1.3.1_03
Jre Sun 1.3.1_05 1.3.1_05
Jre Sun 1.3.1_05 1.3.1_05
Jre Sun 1.3.1_05 1.3.1_05
Jre Sun 1.4 1.4
Jre Sun 1.4 1.4
Jre Sun 1.4 1.4
Jre Sun 1.4.0_02 1.4.0_02
Jre Sun 1.4.0_02 1.4.0_02
Jre Sun 1.4.0_02 1.4.0_02
Jre Sun 1.4.1 1.4.1
Jre Sun 1.4.1 1.4.1
Jre Sun 1.4.1 1.4.1
Jsse Sun 1.0.3 1.0.3

References