Lucene search

[email protected]CVE-2004-2764

HistoryJun 02, 2009 - 10:30 a.m.

CVE-2004-2764

2009-06-0210:30:00

CWE-264

[email protected]

web.nvd.nist.gov

sun sdk

java runtime environment

vulnerability

untrusted applets

xslt processor

xml sniffing

cve-2004-2764

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka “XML sniffing.”

Affected configurations

NVD

Node

sunjreMatch1.4.0

sunjreMatch1.4.0_01

sunjreMatch1.4.0_01linux

sunjreMatch1.4.0_01solaris

sunjreMatch1.4.0_01windows

sunjreMatch1.4.0_02

sunjreMatch1.4.0_02linux

sunjreMatch1.4.0_02solaris

sunjreMatch1.4.0_02windows

sunjreMatch1.4.0_03

sunjreMatch1.4.0_03linux

sunjreMatch1.4.0_03solaris

sunjreMatch1.4.0_03windows

sunjreMatch1.4.0_04

sunjreMatch1.4.0_04linux

sunjreMatch1.4.0_04solaris

sunjreMatch1.4.0_04windows

sunjreMatch1.4.1

sunjreMatch1.4.1linux

sunjreMatch1.4.1solaris

sunjreMatch1.4.1windows

sunjreMatch1.4.1update1

sunjreMatch1.4.1update2

sunjreMatch1.4.1update3

sunjreMatch1.4.1update3linux

sunjreMatch1.4.1update3solaris

sunjreMatch1.4.1update3windows

sunjreMatch1.4.1update4

sunjreMatch1.4.1update7

sunjreMatch1.4.1_01

sunjreMatch1.4.1_01linux

sunjreMatch1.4.1_01solaris

sunjreMatch1.4.1_01windows

sunjreMatch1.4.1_02

sunjreMatch1.4.1_02linux

sunjreMatch1.4.1_02solaris

sunjreMatch1.4.1_02windows

sunjreMatch1.4.1_03

sunjreMatch1.4.1_03linux

sunjreMatch1.4.1_03solaris

sunjreMatch1.4.1_03windows

sunjreMatch1.4.1_04

sunjreMatch1.4.1_04linux

sunjreMatch1.4.1_04solaris

sunjreMatch1.4.1_04windows

sunjreMatch1.4.1_05

sunjreMatch1.4.1_05linux

sunjreMatch1.4.1_05solaris

sunjreMatch1.4.1_05windows

sunjreMatch1.4.1_06

sunjreMatch1.4.1_06linux

sunjreMatch1.4.1_06solaris

sunjreMatch1.4.1_06windows

sunjreMatch1.4.1_07

sunjreMatch1.4.1_07linux

sunjreMatch1.4.1_07solaris

sunjreMatch1.4.1_07windows

sunjreMatch1.4.2

sunjreMatch1.4.2linux

sunjreMatch1.4.2solaris

sunjreMatch1.4.2windows

sunjreMatch1.4.2update1linux

sunjreMatch1.4.2update1solaris

sunjreMatch1.4.2update1windows

sunjreMatch1.4.2update2linux

sunjreMatch1.4.2update2solaris

sunjreMatch1.4.2update2windows

sunjreMatch1.4.2update3linux

sunjreMatch1.4.2update3solaris

sunjreMatch1.4.2update3windows

sunjreMatch1.4.2update4linux

sunjreMatch1.4.2update4solaris

sunjreMatch1.4.2update4windows

sunjreMatch1.4.2update5linux

sunjreMatch1.4.2update5solaris

sunjreMatch1.4.2update5windows

sunjreMatch1.4.2_01

sunjreMatch1.4.2_1

sunjreMatch1.4.2_2

sunjreMatch1.4.2_02

sunjreMatch1.4.2_03

sunjreMatch1.4.2_3

sunjreMatch1.4.2_4

sunjreMatch1.4.2_04

sunjreMatch1.4.2_5

sunjreMatch1.4.2_6

sunjreMatch1.4.2_7

sunjreMatch1.4.2_8

sunjreMatch1.4.2_9

sunjreMatch1.4.2_10

sunjreMatch1.4.2_11

sunjreMatch1.4.2_12

sunjreMatch1.4.2_13

sunjreMatch1.4.2_14

sunjreMatch1.4.2_15

sunjreMatch1.4.2_21

sunsdkMatch1.4.0

sunsdkMatch1.4.0_01

sunsdkMatch1.4.0_02

sunsdkMatch1.4.0_03

sunsdkMatch1.4.0_04

sunsdkMatch1.4.1

sunsdkMatch1.4.1_01

sunsdkMatch1.4.1_02

sunsdkMatch1.4.1_03

sunsdkMatch1.4.1_04

sunsdkMatch1.4.1_05

sunsdkMatch1.4.1_06

sunsdkMatch1.4.1_07

sunsdkMatch1.4.2

sunsdkMatch1.4.2_01

sunsdkMatch1.4.2_02

sunsdkMatch1.4.2_03

sunsdkMatch1.4.2_04

CPENameOperatorVersion
sun:jresun jreeq1.4.0
sun:jresun jreeq1.4.0_01
sun:jresun jreeq1.4.0_02
sun:jresun jreeq1.4.0_03
sun:jresun jreeq1.4.0_04
sun:jresun jreeq1.4.1
sun:jresun jreeq1.4.1_01
sun:jresun jreeq1.4.1_02
sun:jresun jreeq1.4.1_03
sun:jresun jreeq1.4.1_04

CPE	Name	Operator	Version
sun:jre	sun jre	eq	1.4.0
sun:jre	sun jre	eq	1.4.0_01
sun:jre	sun jre	eq	1.4.0_02
sun:jre	sun jre	eq	1.4.0_03
sun:jre	sun jre	eq	1.4.0_04
sun:jre	sun jre	eq	1.4.1
sun:jre	sun jre	eq	1.4.1_01
sun:jre	sun jre	eq	1.4.1_02
sun:jre	sun jre	eq	1.4.1_03
sun:jre	sun jre	eq	1.4.1_04

Rows per page:

1-10 of 521

References

archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html

groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d

secunia.com/advisories/12206

securitytracker.com/id?1011661

www.osvdb.org/8288

www.securityfocus.com/archive/1/371208

www.securityfocus.com/bid/10844

exchange.xforce.ibmcloud.com/vulnerabilities/16864

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2004-2764

nvd1 cvelist1