The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Java_sdk-rte | Hp | 1.3 (including) | 1.3 (including) |
| Java_sdk-rte | Hp | 1.4 (including) | 1.4 (including) |
| Jdk | Sun | 1.3.1_01 (including) | 1.3.1_01 (including) |
| Jdk | Sun | 1.3.1_01a (including) | 1.3.1_01a (including) |
| Jdk | Sun | 1.3.1_02 (including) | 1.3.1_02 (including) |
| Jdk | Sun | 1.3.1_03 (including) | 1.3.1_03 (including) |
| Jdk | Sun | 1.3.1_04 (including) | 1.3.1_04 (including) |
| Jdk | Sun | 1.3.1_05 (including) | 1.3.1_05 (including) |
| Jdk | Sun | 1.3.1_06 (including) | 1.3.1_06 (including) |
| Jdk | Sun | 1.3.1_07 (including) | 1.3.1_07 (including) |
| Jdk | Sun | 1.4 (including) | 1.4 (including) |
| Jdk | Sun | 1.4.0_01 (including) | 1.4.0_01 (including) |
| Jdk | Sun | 1.4.0_02 (including) | 1.4.0_02 (including) |
| Jdk | Sun | 1.4.0_03 (including) | 1.4.0_03 (including) |
| Jdk | Sun | 1.4.0_4 (including) | 1.4.0_4 (including) |
| Jdk | Sun | 1.4.1 (including) | 1.4.1 (including) |
| Jdk | Sun | 1.4.1_01 (including) | 1.4.1_01 (including) |
| Jdk | Sun | 1.4.1_02 (including) | 1.4.1_02 (including) |
| Jdk | Sun | 1.4.1_03 (including) | 1.4.1_03 (including) |
| Jdk | Sun | 1.4.2 (including) | 1.4.2 (including) |
| Jdk | Sun | 1.4.2_01 (including) | 1.4.2_01 (including) |
| Jdk | Sun | 1.4.2_02 (including) | 1.4.2_02 (including) |
| Jdk | Sun | 1.4.2_03 (including) | 1.4.2_03 (including) |
| Jdk | Sun | 1.4.2_04 (including) | 1.4.2_04 (including) |
| Jdk | Sun | 1.4.2_05 (including) | 1.4.2_05 (including) |
| Jre | Sun | 1.3.0 (including) | 1.3.0 (including) |
| Jre | Sun | 1.3.0-update1 (including) | 1.3.0-update1 (including) |
| Jre | Sun | 1.3.0-update2 (including) | 1.3.0-update2 (including) |
| Jre | Sun | 1.3.0-update3 (including) | 1.3.0-update3 (including) |
| Jre | Sun | 1.3.0-update4 (including) | 1.3.0-update4 (including) |
| Jre | Sun | 1.3.0-update5 (including) | 1.3.0-update5 (including) |
| Jre | Sun | 1.3.1 (including) | 1.3.1 (including) |
| Jre | Sun | 1.3.1-update1 (including) | 1.3.1-update1 (including) |
| Jre | Sun | 1.3.1-update1a (including) | 1.3.1-update1a (including) |
| Jre | Sun | 1.3.1-update4 (including) | 1.3.1-update4 (including) |
| Jre | Sun | 1.3.1-update8 (including) | 1.3.1-update8 (including) |
| Jre | Sun | 1.3.1_02 (including) | 1.3.1_02 (including) |
| Jre | Sun | 1.3.1_03 (including) | 1.3.1_03 (including) |
| Jre | Sun | 1.3.1_05 (including) | 1.3.1_05 (including) |
| Jre | Sun | 1.3.1_06 (including) | 1.3.1_06 (including) |
| Jre | Sun | 1.3.1_07 (including) | 1.3.1_07 (including) |
| Jre | Sun | 1.3.1_09 (including) | 1.3.1_09 (including) |
| Jre | Sun | 1.4 (including) | 1.4 (including) |
| Jre | Sun | 1.4.0_01 (including) | 1.4.0_01 (including) |
| Jre | Sun | 1.4.0_02 (including) | 1.4.0_02 (including) |
| Jre | Sun | 1.4.0_03 (including) | 1.4.0_03 (including) |
| Jre | Sun | 1.4.0_04 (including) | 1.4.0_04 (including) |
| Jre | Sun | 1.4.1 (including) | 1.4.1 (including) |
| Jre | Sun | 1.4.1-update3 (including) | 1.4.1-update3 (including) |
| Jre | Sun | 1.4.1_01 (including) | 1.4.1_01 (including) |
| Jre | Sun | 1.4.1_02 (including) | 1.4.1_02 (including) |
| Jre | Sun | 1.4.1_07 (including) | 1.4.1_07 (including) |
| Jre | Sun | 1.4.2 (including) | 1.4.2 (including) |
| Jre | Sun | 1.4.2-update1 (including) | 1.4.2-update1 (including) |
| Jre | Sun | 1.4.2-update2 (including) | 1.4.2-update2 (including) |
| Jre | Sun | 1.4.2-update3 (including) | 1.4.2-update3 (including) |
| Jre | Sun | 1.4.2-update4 (including) | 1.4.2-update4 (including) |
| Jre | Sun | 1.4.2-update5 (including) | 1.4.2-update5 (including) |
| Enterprise_firewall | Symantec | 8.0 (including) | 8.0 (including) |
| Linux | Conectiva | 10.0 (including) | 10.0 (including) |
References
- http://jouko.iki.fi/adv/javaplugin.html
- http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
- http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
- http://secunia.com/advisories/13271
- http://secunia.com/advisories/29035
- http://securityreason.com/securityalert/61
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
- http://www-1.ibm.com/support/docview.wss?uid=swg21257249
- http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities
- http://www.kb.cert.org/vuls/id/760344
- http://www.securityfocus.com/bid/12317
- http://www.vupen.com/english/advisories/2008/0599
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
- http://jouko.iki.fi/adv/javaplugin.html
- http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
- http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
- http://secunia.com/advisories/13271
- http://secunia.com/advisories/29035
- http://securityreason.com/securityalert/61
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
- http://www-1.ibm.com/support/docview.wss?uid=swg21257249
- http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities
- http://www.kb.cert.org/vuls/id/760344
- http://www.securityfocus.com/bid/12317
- http://www.vupen.com/english/advisories/2008/0599
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674