CVE-2004-2764 | Vulnerability Database | Aqua Security

Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka XML sniffing.

Affected Software

Name	Vendor	Start Version	End Version
Jre	Sun	1.4.0 (including)	1.4.0 (including)
Jre	Sun	1.4.0_01 (including)	1.4.0_01 (including)
Jre	Sun	1.4.0_02 (including)	1.4.0_02 (including)
Jre	Sun	1.4.0_03 (including)	1.4.0_03 (including)
Jre	Sun	1.4.0_04 (including)	1.4.0_04 (including)
Jre	Sun	1.4.1 (including)	1.4.1 (including)
Jre	Sun	1.4.1-update1 (including)	1.4.1-update1 (including)
Jre	Sun	1.4.1-update2 (including)	1.4.1-update2 (including)
Jre	Sun	1.4.1-update3 (including)	1.4.1-update3 (including)
Jre	Sun	1.4.1-update4 (including)	1.4.1-update4 (including)
Jre	Sun	1.4.1-update7 (including)	1.4.1-update7 (including)
Jre	Sun	1.4.1_01 (including)	1.4.1_01 (including)
Jre	Sun	1.4.1_02 (including)	1.4.1_02 (including)
Jre	Sun	1.4.1_03 (including)	1.4.1_03 (including)
Jre	Sun	1.4.1_04 (including)	1.4.1_04 (including)
Jre	Sun	1.4.1_05 (including)	1.4.1_05 (including)
Jre	Sun	1.4.1_06 (including)	1.4.1_06 (including)
Jre	Sun	1.4.1_07 (including)	1.4.1_07 (including)
Jre	Sun	1.4.2 (including)	1.4.2 (including)
Jre	Sun	1.4.2-update1 (including)	1.4.2-update1 (including)
Jre	Sun	1.4.2-update2 (including)	1.4.2-update2 (including)
Jre	Sun	1.4.2-update3 (including)	1.4.2-update3 (including)
Jre	Sun	1.4.2-update4 (including)	1.4.2-update4 (including)
Jre	Sun	1.4.2-update5 (including)	1.4.2-update5 (including)
Jre	Sun	1.4.2_01 (including)	1.4.2_01 (including)
Jre	Sun	1.4.2_1 (including)	1.4.2_1 (including)
Jre	Sun	1.4.2_2 (including)	1.4.2_2 (including)
Jre	Sun	1.4.2_02 (including)	1.4.2_02 (including)
Jre	Sun	1.4.2_03 (including)	1.4.2_03 (including)
Jre	Sun	1.4.2_3 (including)	1.4.2_3 (including)
Jre	Sun	1.4.2_4 (including)	1.4.2_4 (including)
Jre	Sun	1.4.2_04 (including)	1.4.2_04 (including)
Jre	Sun	1.4.2_5 (including)	1.4.2_5 (including)
Jre	Sun	1.4.2_6 (including)	1.4.2_6 (including)
Jre	Sun	1.4.2_7 (including)	1.4.2_7 (including)
Jre	Sun	1.4.2_8 (including)	1.4.2_8 (including)
Jre	Sun	1.4.2_9 (including)	1.4.2_9 (including)
Jre	Sun	1.4.2_10 (including)	1.4.2_10 (including)
Jre	Sun	1.4.2_11 (including)	1.4.2_11 (including)
Jre	Sun	1.4.2_12 (including)	1.4.2_12 (including)
Jre	Sun	1.4.2_13 (including)	1.4.2_13 (including)
Jre	Sun	1.4.2_14 (including)	1.4.2_14 (including)
Jre	Sun	1.4.2_15 (including)	1.4.2_15 (including)
Jre	Sun	1.4.2_21 (including)	1.4.2_21 (including)
Sdk	Sun	1.4.0 (including)	1.4.0 (including)
Sdk	Sun	1.4.0_01 (including)	1.4.0_01 (including)
Sdk	Sun	1.4.0_02 (including)	1.4.0_02 (including)
Sdk	Sun	1.4.0_03 (including)	1.4.0_03 (including)
Sdk	Sun	1.4.0_04 (including)	1.4.0_04 (including)
Sdk	Sun	1.4.1 (including)	1.4.1 (including)
Sdk	Sun	1.4.1_01 (including)	1.4.1_01 (including)
Sdk	Sun	1.4.1_02 (including)	1.4.1_02 (including)
Sdk	Sun	1.4.1_03 (including)	1.4.1_03 (including)
Sdk	Sun	1.4.1_04 (including)	1.4.1_04 (including)
Sdk	Sun	1.4.1_05 (including)	1.4.1_05 (including)
Sdk	Sun	1.4.1_06 (including)	1.4.1_06 (including)
Sdk	Sun	1.4.1_07 (including)	1.4.1_07 (including)
Sdk	Sun	1.4.2 (including)	1.4.2 (including)
Sdk	Sun	1.4.2_01 (including)	1.4.2_01 (including)
Sdk	Sun	1.4.2_02 (including)	1.4.2_02 (including)
Sdk	Sun	1.4.2_03 (including)	1.4.2_03 (including)
Sdk	Sun	1.4.2_04 (including)	1.4.2_04 (including)

References

http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html
http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161\u0026_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d
http://secunia.com/advisories/12206
http://securitytracker.com/id?1011661
http://www.osvdb.org/8288
http://www.securityfocus.com/archive/1/371208
http://www.securityfocus.com/bid/10844
https://exchange.xforce.ibmcloud.com/vulnerabilities/16864
http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html
http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161\u0026_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d
http://secunia.com/advisories/12206
http://securitytracker.com/id?1011661
http://www.osvdb.org/8288
http://www.securityfocus.com/archive/1/371208
http://www.securityfocus.com/bid/10844
https://exchange.xforce.ibmcloud.com/vulnerabilities/16864

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2764
CWE	https://cwe.mitre.org/data/definitions/264.html