Executive Summary

Information
Name: CVE-2004-1029
First vendor Publication: 2005-03-01
Vendor: Cve
Last vendor Modification: 2017-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Impact SubScore: NA
Exploitability Sub Score: NA
Environmental Score: NA
Temporal Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Cvss Impact Score: 10
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1029

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5674
 
Oval ID: oval:org.mitre.oval:def:5674
Title: HP-UX Java Web Start, Remote Unauthorized Privileged Access
Description: The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
Family: unix Class: vulnerability
Reference(s): CVE-2004-1029
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 2
Application 58
Application 86
Application 3
Hardware 2
Os 1
Os 1
Os 4

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Java2
File : nvt/sles9p5013049.nasl
2009-05-05 Name : HP-UX Update for Java Plug-In (JPI) HPSBUX01100
File : nvt/gb_hp_ux_HPSBUX01100.nasl
2009-05-05 Name : HP-UX Update for Java Web Start HPSBUX01214
File : nvt/gb_hp_ux_HPSBUX01214.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200411-38 (Java)
File : nvt/glsa_200411_38.nasl
2008-09-04 Name : FreeBSD Ports: jdk
File : nvt/freebsd_jdk0.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
12095 Sun Java JRE Plug-in Capability Arbitrary Package Access

Java contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses the reflection API to access packages which are supposed to be private to the Virtual Machine, and may allow access to memory or unauthorized privileges. This flaw may lead to a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 Oracle Java Plugin security bypass
RuleID : 21462 - Revision : 6 - Type : FILE-JAVA
2014-01-10 Oracle Java Web Start malicious parameter value
RuleID : 17586 - Revision : 14 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date Description
2013-02-22 Name : The remote Unix host has an application that is affected by a security bypass...
File : java_jre_multiple_applet_vulnerability_unix.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ac619d063ef811d98741c942c075aa41.nasl - Type : ACT_GATHER_INFO
2005-02-22 Name : The remote host is missing a Mac OS X update that fixes a security issue.
File : macosx_SecUpd2005-002.nasl - Type : ACT_GATHER_INFO
2005-01-22 Name : The remote Windows host has an application that is affected by a security byp...
File : java_jre_multiple_applet_vulnerability.nasl - Type : ACT_GATHER_INFO
2004-11-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200411-38.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
BID http://www.securityfocus.com/bid/12317
CERT-VN http://www.kb.cert.org/vuls/id/760344
CONFIRM http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-sr...
http://www-1.ibm.com/support/docview.wss?uid=swg21257249
IDEFENSE http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
MISC http://jouko.iki.fi/adv/javaplugin.html
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECUNIA http://secunia.com/advisories/13271
http://secunia.com/advisories/29035
SREASON http://securityreason.com/securityalert/61
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
VUPEN http://www.vupen.com/english/advisories/2008/0599
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/18188

Alert History

Date Information
2021-05-04 12:02:26
  • Multiple Updates
2021-04-22 01:02:36
  • Multiple Updates
2020-05-23 00:15:56
  • Multiple Updates
2017-10-11 09:23:24
  • Multiple Updates
2017-07-11 12:01:33
  • Multiple Updates
2016-04-26 12:55:10
  • Multiple Updates
2014-02-17 10:28:19
  • Multiple Updates
2014-01-19 21:22:20
  • Multiple Updates
2013-05-11 11:43:41
  • Multiple Updates