Executive Summary
Information | | | |
---|---|---|---|
Name | CVE-2004-1029 | First vendor Publication | 2005-03-01 |
Vendor | Cve | Last vendor Modification | 2017-10-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | | | |
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1029
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OpenVAS Exploits
Date | Name | File |
---|---|---|
2009-10-10 | SLES9: Security update for Java2 | nvt/sles9p5013049.nasl |
2009-05-05 | HP-UX Update for Java Plug-In (JPI) HPSBUX01100 | nvt/gb_hp_ux_HPSBUX01100.nasl |
2009-05-05 | HP-UX Update for Java Web Start HPSBUX01214 | nvt/gb_hp_ux_HPSBUX01214.nasl |
2008-09-24 | Gentoo Security Advisory GLSA 200411-38 (Java) | nvt/glsa_200411_38.nasl |
2008-09-04 | FreeBSD Ports: jdk | nvt/freebsd_jdk0.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12095 | Sun Java JRE Plug-in Capability Arbitrary Package Access. Java contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses the reflection API to access packages which are supposed to be private to the Virtual Machine, and may allow access to memory or unauthorized privileges. This flaw may lead to a loss of integrity. |
Snort® IPS/IDS
Date | Description | RuleID | Revision | Type |
---|---|---|---|---|
2014-01-10 | Oracle Java Plugin security bypass | 21462 | 6 | FILE-JAVA |
2014-01-10 | Oracle Java Web Start malicious parameter value | 17586 | 14 | FILE-JAVA |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2013-02-22 | The remote Unix host has an application that is affected by a security bypass... | java_jre_multiple_applet_vulnerability_unix.nasl | ACT_GATHER_INFO |
2009-04-23 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_ac619d063ef811d98741c942c075aa41.nasl | ACT_GATHER_INFO |
2005-02-22 | The remote host is missing a Mac OS X update that fixes a security issue. | macosx_SecUpd2005-002.nasl | ACT_GATHER_INFO |
2005-01-22 | The remote Windows host has an application that is affected by a security byp... | java_jre_multiple_applet_vulnerability.nasl | ACT_GATHER_INFO |
2004-11-30 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200411-38.nasl | ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:02:26 | |
2021-04-22 01:02:36 | |
2020-05-23 00:15:56 | |
2017-10-11 09:23:24 | |
2017-07-11 12:01:33 | |
2016-04-26 12:55:10 | |
2014-02-17 10:28:19 | |
2014-01-19 21:22:20 | |
2013-05-11 11:43:41 | |