The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Java_sdk-rte | Hp | 1.3 (including) | 1.3 (including) |
Java_sdk-rte | Hp | 1.4 (including) | 1.4 (including) |
Jdk | Sun | 1.3.1_01 (including) | 1.3.1_01 (including) |
Jdk | Sun | 1.3.1_01a (including) | 1.3.1_01a (including) |
Jdk | Sun | 1.3.1_02 (including) | 1.3.1_02 (including) |
Jdk | Sun | 1.3.1_03 (including) | 1.3.1_03 (including) |
Jdk | Sun | 1.3.1_04 (including) | 1.3.1_04 (including) |
Jdk | Sun | 1.3.1_05 (including) | 1.3.1_05 (including) |
Jdk | Sun | 1.3.1_06 (including) | 1.3.1_06 (including) |
Jdk | Sun | 1.3.1_07 (including) | 1.3.1_07 (including) |
Jdk | Sun | 1.4 (including) | 1.4 (including) |
Jdk | Sun | 1.4.0_01 (including) | 1.4.0_01 (including) |
Jdk | Sun | 1.4.0_02 (including) | 1.4.0_02 (including) |
Jdk | Sun | 1.4.0_03 (including) | 1.4.0_03 (including) |
Jdk | Sun | 1.4.0_4 (including) | 1.4.0_4 (including) |
Jdk | Sun | 1.4.1 (including) | 1.4.1 (including) |
Jdk | Sun | 1.4.1_01 (including) | 1.4.1_01 (including) |
Jdk | Sun | 1.4.1_02 (including) | 1.4.1_02 (including) |
Jdk | Sun | 1.4.1_03 (including) | 1.4.1_03 (including) |
Jdk | Sun | 1.4.2 (including) | 1.4.2 (including) |
Jdk | Sun | 1.4.2_01 (including) | 1.4.2_01 (including) |
Jdk | Sun | 1.4.2_02 (including) | 1.4.2_02 (including) |
Jdk | Sun | 1.4.2_03 (including) | 1.4.2_03 (including) |
Jdk | Sun | 1.4.2_04 (including) | 1.4.2_04 (including) |
Jdk | Sun | 1.4.2_05 (including) | 1.4.2_05 (including) |
Jre | Sun | 1.3.0 (including) | 1.3.0 (including) |
Jre | Sun | 1.3.0-update1 (including) | 1.3.0-update1 (including) |
Jre | Sun | 1.3.0-update2 (including) | 1.3.0-update2 (including) |
Jre | Sun | 1.3.0-update3 (including) | 1.3.0-update3 (including) |
Jre | Sun | 1.3.0-update4 (including) | 1.3.0-update4 (including) |
Jre | Sun | 1.3.0-update5 (including) | 1.3.0-update5 (including) |
Jre | Sun | 1.3.1 (including) | 1.3.1 (including) |
Jre | Sun | 1.3.1-update1 (including) | 1.3.1-update1 (including) |
Jre | Sun | 1.3.1-update1a (including) | 1.3.1-update1a (including) |
Jre | Sun | 1.3.1-update4 (including) | 1.3.1-update4 (including) |
Jre | Sun | 1.3.1-update8 (including) | 1.3.1-update8 (including) |
Jre | Sun | 1.3.1_02 (including) | 1.3.1_02 (including) |
Jre | Sun | 1.3.1_03 (including) | 1.3.1_03 (including) |
Jre | Sun | 1.3.1_05 (including) | 1.3.1_05 (including) |
Jre | Sun | 1.3.1_06 (including) | 1.3.1_06 (including) |
Jre | Sun | 1.3.1_07 (including) | 1.3.1_07 (including) |
Jre | Sun | 1.3.1_09 (including) | 1.3.1_09 (including) |
Jre | Sun | 1.4 (including) | 1.4 (including) |
Jre | Sun | 1.4.0_01 (including) | 1.4.0_01 (including) |
Jre | Sun | 1.4.0_02 (including) | 1.4.0_02 (including) |
Jre | Sun | 1.4.0_03 (including) | 1.4.0_03 (including) |
Jre | Sun | 1.4.0_04 (including) | 1.4.0_04 (including) |
Jre | Sun | 1.4.1 (including) | 1.4.1 (including) |
Jre | Sun | 1.4.1-update3 (including) | 1.4.1-update3 (including) |
Jre | Sun | 1.4.1_01 (including) | 1.4.1_01 (including) |
Jre | Sun | 1.4.1_02 (including) | 1.4.1_02 (including) |
Jre | Sun | 1.4.1_07 (including) | 1.4.1_07 (including) |
Jre | Sun | 1.4.2 (including) | 1.4.2 (including) |
Jre | Sun | 1.4.2-update1 (including) | 1.4.2-update1 (including) |
Jre | Sun | 1.4.2-update2 (including) | 1.4.2-update2 (including) |
Jre | Sun | 1.4.2-update3 (including) | 1.4.2-update3 (including) |
Jre | Sun | 1.4.2-update4 (including) | 1.4.2-update4 (including) |
Jre | Sun | 1.4.2-update5 (including) | 1.4.2-update5 (including) |
Enterprise_firewall | Symantec | 8.0 (including) | 8.0 (including) |
Linux | Conectiva | 10.0 (including) | 10.0 (including) |