Vulnerability Description
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java Plug-In | 1.4 |
| Sun | Jre | 1.3.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.htmlVendor Advisory
- http://www.iss.net/security_center/static/7048.php
- http://www.securityfocus.com/bid/3245ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.htmlVendor Advisory
- http://www.iss.net/security_center/static/7048.php
- http://www.securityfocus.com/bid/3245ExploitPatchVendor Advisory
FAQ
What is CVE-2001-1008?
CVE-2001-1008 is a vulnerability with a CVSS score of 7.5 (HIGH). Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an e...
How severe is CVE-2001-1008?
CVE-2001-1008 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1008?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java Plug-In, Sun Jre.