AI Score: 7.6 High (Confidence: Low)

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.008 Low (Percentile: 80.9%)

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificates and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
CPE | Name | Operator | Version |
---|---|---|---|
sun:jsse | sun jsse | eq | 1.0.3 |
sun:java_web_start | sun java web start | le | 1.2 |
oracle:jre | oracle jre | le | 1.4.1 |
archives.neohapsis.com/archives/bugtraq/2003-01/0334.html
java.sun.com/products/jsse/CHANGES.txt
secunia.com/advisories/7943
securitytracker.com/id?1006007
securitytracker.com/id?1007483
sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1
www.securityfocus.com/bid/6682
www.securitytracker.com/id?1006001
www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239
exchange.xforce.ibmcloud.com/vulnerabilities/11182
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883