CVE-2003-1229

Vulnerability Description

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.htmlBroken Link
• http://java.sun.com/products/jsse/CHANGES.txtBroken LinkVendor Advisory
• http://secunia.com/advisories/7943Broken LinkPatchVendor Advisory
• http://securitytracker.com/id?1006007Broken LinkThird Party AdvisoryVDB Entry
• http://securitytracker.com/id?1007483Broken LinkThird Party AdvisoryVDB Entry
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1Broken LinkPatchVendor Advisory
• http://www.securityfocus.com/bid/6682Broken LinkPatchThird Party Advisory
• http://www.securitytracker.com/id?1006001Broken LinkThird Party AdvisoryVDB Entry
• http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239Broken Link
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11182Third Party AdvisoryVDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
• http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.htmlBroken Link
• http://java.sun.com/products/jsse/CHANGES.txtBroken LinkVendor Advisory
• http://secunia.com/advisories/7943Broken LinkPatchVendor Advisory
• http://securitytracker.com/id?1006007Broken LinkThird Party AdvisoryVDB Entry