Lucene search

[email protected]NVD:CVE-2003-0896

HistoryNov 17, 2003 - 5:00 a.m.

CVE-2003-0896

2003-11-1705:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.104

Percentile

95.0%

JSON

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains “/” (slash) instead of “.” (dot) characters, which bypasses a call to the Security Manager’s checkPackageAccess method.

Affected configurations

Nvd

Node

sunjreRange≤1.4.1update3

VendorProductVersionCPE
sunjre*cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	jre	*	cpe:2.3:a:sun:jre::update3::::::*

References

lsd-pl.net/code/JVM/jre.tar.gz

marc.info/?l=bugtraq&m=106692334503819&w=2

sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57221

sunsolve.sun.com/search/document.do?assetkey=1-66-200356-1

www.securityfocus.com/advisories/6028

www.securityfocus.com/archive/1/342580

www.securityfocus.com/archive/1/342583

www.securityfocus.com/bid/8879

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.104

Percentile

95.0%

JSON

Related for NVD:CVE-2003-0896

cvelist1 exploitdb1 cve1