Lucene search

MitreCVE-2003-0896

HistoryNov 17, 2003 - 5:00 a.m.

CVE-2003-0896

2003-11-1705:00:00

mitre

web.nvd.nist.gov

cve-2003-0896

java virtual machine

sun sdk

jre

security manager

remote code execution

sandbox restrictions

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.104

Percentile

95.0%

JSON

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains “/” (slash) instead of “.” (dot) characters, which bypasses a call to the Security Manager’s checkPackageAccess method.

Affected configurations

Nvd

Node

sunjreRange≤1.4.1update3

VendorProductVersionCPE
sunjre*cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	jre	*	cpe:2.3:a:sun:jre::update3::::::*

References

lsd-pl.net/code/JVM/jre.tar.gz

marc.info/?l=bugtraq&m=106692334503819&w=2

sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57221

sunsolve.sun.com/search/document.do?assetkey=1-66-200356-1

www.securityfocus.com/advisories/6028

www.securityfocus.com/archive/1/342580

www.securityfocus.com/archive/1/342583

www.securityfocus.com/bid/8879

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.104

Percentile

95.0%

JSON

Related for CVE-2003-0896