CVE-2004-1029

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Affected Software

Name	Vendor	Start Version	End Version
Java_sdk-rte	Hp	1.3 (including)	1.3 (including)
Java_sdk-rte	Hp	1.4 (including)	1.4 (including)
Jdk	Sun	1.3.1_01 (including)	1.3.1_01 (including)
Jdk	Sun	1.3.1_01a (including)	1.3.1_01a (including)
Jdk	Sun	1.3.1_02 (including)	1.3.1_02 (including)
Jdk	Sun	1.3.1_03 (including)	1.3.1_03 (including)
Jdk	Sun	1.3.1_04 (including)	1.3.1_04 (including)
Jdk	Sun	1.3.1_05 (including)	1.3.1_05 (including)
Jdk	Sun	1.3.1_06 (including)	1.3.1_06 (including)
Jdk	Sun	1.3.1_07 (including)	1.3.1_07 (including)
Jdk	Sun	1.4 (including)	1.4 (including)
Jdk	Sun	1.4.0_01 (including)	1.4.0_01 (including)
Jdk	Sun	1.4.0_02 (including)	1.4.0_02 (including)
Jdk	Sun	1.4.0_03 (including)	1.4.0_03 (including)
Jdk	Sun	1.4.0_4 (including)	1.4.0_4 (including)
Jdk	Sun	1.4.1 (including)	1.4.1 (including)
Jdk	Sun	1.4.1_01 (including)	1.4.1_01 (including)
Jdk	Sun	1.4.1_02 (including)	1.4.1_02 (including)
Jdk	Sun	1.4.1_03 (including)	1.4.1_03 (including)
Jdk	Sun	1.4.2 (including)	1.4.2 (including)
Jdk	Sun	1.4.2_01 (including)	1.4.2_01 (including)
Jdk	Sun	1.4.2_02 (including)	1.4.2_02 (including)
Jdk	Sun	1.4.2_03 (including)	1.4.2_03 (including)
Jdk	Sun	1.4.2_04 (including)	1.4.2_04 (including)
Jdk	Sun	1.4.2_05 (including)	1.4.2_05 (including)
Jre	Sun	1.3.0 (including)	1.3.0 (including)
Jre	Sun	1.3.0-update1 (including)	1.3.0-update1 (including)
Jre	Sun	1.3.0-update2 (including)	1.3.0-update2 (including)
Jre	Sun	1.3.0-update3 (including)	1.3.0-update3 (including)
Jre	Sun	1.3.0-update4 (including)	1.3.0-update4 (including)
Jre	Sun	1.3.0-update5 (including)	1.3.0-update5 (including)
Jre	Sun	1.3.1 (including)	1.3.1 (including)
Jre	Sun	1.3.1-update1 (including)	1.3.1-update1 (including)
Jre	Sun	1.3.1-update1a (including)	1.3.1-update1a (including)
Jre	Sun	1.3.1-update4 (including)	1.3.1-update4 (including)
Jre	Sun	1.3.1-update8 (including)	1.3.1-update8 (including)
Jre	Sun	1.3.1_02 (including)	1.3.1_02 (including)
Jre	Sun	1.3.1_03 (including)	1.3.1_03 (including)
Jre	Sun	1.3.1_05 (including)	1.3.1_05 (including)
Jre	Sun	1.3.1_06 (including)	1.3.1_06 (including)
Jre	Sun	1.3.1_07 (including)	1.3.1_07 (including)
Jre	Sun	1.3.1_09 (including)	1.3.1_09 (including)
Jre	Sun	1.4 (including)	1.4 (including)
Jre	Sun	1.4.0_01 (including)	1.4.0_01 (including)
Jre	Sun	1.4.0_02 (including)	1.4.0_02 (including)
Jre	Sun	1.4.0_03 (including)	1.4.0_03 (including)
Jre	Sun	1.4.0_04 (including)	1.4.0_04 (including)
Jre	Sun	1.4.1 (including)	1.4.1 (including)
Jre	Sun	1.4.1-update3 (including)	1.4.1-update3 (including)
Jre	Sun	1.4.1_01 (including)	1.4.1_01 (including)
Jre	Sun	1.4.1_02 (including)	1.4.1_02 (including)
Jre	Sun	1.4.1_07 (including)	1.4.1_07 (including)
Jre	Sun	1.4.2 (including)	1.4.2 (including)
Jre	Sun	1.4.2-update1 (including)	1.4.2-update1 (including)
Jre	Sun	1.4.2-update2 (including)	1.4.2-update2 (including)
Jre	Sun	1.4.2-update3 (including)	1.4.2-update3 (including)
Jre	Sun	1.4.2-update4 (including)	1.4.2-update4 (including)
Jre	Sun	1.4.2-update5 (including)	1.4.2-update5 (including)
Enterprise_firewall	Symantec	8.0 (including)	8.0 (including)
Linux	Conectiva	10.0 (including)	10.0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1029
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References