Sun Java Runtime Environment allows untrusted applets to access information within trusted applets

ID VU:393292
Type cert
Reporter CERT
Modified 2003-06-10T00:00:00



The Sun Java Runtime Environment (JRE) contains a vulnerability that may lead to sensitive information being leaked.


Sun Microsystems describes the Sun JRE as follows:

The Java RE provides the libraries, Java virtual machine, and other components necessary for you to run applets and applications written in the Java programming language. It does not contain tools and utilities such as compilers or debuggers for developing applets and applications.
Sun Alert 55100 indicates that a vulnerability in the Sun JRE "may allow an untrusted applet to access information from a trusted applet. This is not allowed by the Java security model. The trusted applet must contain code that exploits this vulnerability."


An attacker may be able to gain access to sensitive information.


Upgrade to the latest versions of Sun SDK and JRE, which are available from <>.

Systems Affected

Vendor| Status| Date Notified| Date Updated
Sun Microsystems Inc.| | -| 10 Jun 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A



This vulnerability was discovered by RecipeXperience.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 04 Jun 2003
  • Date First Published: 10 Jun 2003
  • Date Last Updated: 10 Jun 2003
  • Severity Metric: 5.62
  • Document Revision: 14