PT-2003-2174 · Oracle · Sdk +4

Name of the Vulnerable Software and Affected Versions: Java Secure Socket Extension JSSE in SDK and JRE versions 1.4.0 through 1.4.0 01 JSSE versions prior to 1.0.3 Java Plug-in SDK and JRE versions 1.3.0 through 1.4.1 Java Web Start versions 1.0 through 1.2 Description: The X509TrustManager in t...

Incorrect Certificate Validation in Java Secure Socket Extension

According to SUN it has been reported that: "the Java Secure Socket Extension JSSE may incorrectly validate the digital certificate of a web site. This may result in untrustworthy web sites being authenticated for SSL transactions. The Java Plug-in and Java Web Start may incorrectly validate the...

CVE-2002-2005

Unknown vulnerability in Java web start 1.0.101, 1.0.1, 1.0 and 1.0.1.01 HP-UX 11.x only allows attackers to gain access to restricted resources via unknown attack vectors...

Unauthorized access via Java Web Start

It's possible to pass property name="NAME" value="VALUE"/ with names different from jnlp. and javaws., it allows to leave sandbox...

Security Bulletin #00217

Courtesy of Sun Microsystems. -----BEGIN PGP SIGNED MESSAGE----- Sun Microsystems, Inc. Security Bulletin Bulletin Number: 00217 Date: March 18, 2002 Cross-Ref: Title: JavaTM Web Start The information contained in this Security Bulletin is provided "AS IS." Sun makes no warranties of any kind...