FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-1029

This CVE name corresponds to:

Entered: 2004-11-25
Topic: jdk/jre -- Security Vulnerability With Java Plugin

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2004-1029
Phase: Assigned(20041112)

Description

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

References

Source: Reference
IDEFENSE: 20041122 Sun Java Plugin Arbitrary Package Access Vulnerability
MISC: http://jouko.iki.fi/adv/javaplugin.html
CONFIRM: http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
CONFIRM: http://www-1.ibm.com/support/docview.wss?uid=swg21257249
APPLE: APPLE-SA-2005-02-22
SUNALERT: 57591
SUNALERT: 101523
CERT-VN: VU#760344
BID: 12317
OVAL: oval:org.mitre.oval:def:5674
VUPEN: ADV-2008-0599
SECUNIA: 13271
SECUNIA: 29035
SREASON: 61
XF: sdk-jre-applet-restriction-bypass(18188)