Vulnerability Description
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | Java SDK-RTE | 1.3 |
| Sun | JDK | 1.3.1_01 |
| Sun | JRE | 1.3.0 |
| Symantec | Enterprise Firewall | 8.0 |
| Conectiva | Linux | 10.0 |
| Gentoo | Linux | All versions |
| HP | HP-UX | 11.00 |
| Symantec | Gateway Security 5400 | 2.0 |
References
- http://jouko.iki.fi/adv/javaplugin.html
- http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
- http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1
- http://secunia.com/advisories/13271 (Vendor Advisory)
- http://secunia.com/advisories/29035 (Vendor Advisory)
- http://securityreason.com/securityalert/61
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 (Patch, Vendor Advisory)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 (Patch, Vendor Advisory)
- http://www-1.ibm.com/support/docview.wss?uid=swg21257249
- http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/760344 (US Government Resource)
- http://www.securityfocus.com/bid/12317 (Patch)
- http://www.vupen.com/english/advisories/2008/0599 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2004-1029?
CVE-2004-1029 is a vulnerability with a CVSS score of 9.3 (HIGH). The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between JavaScript and Java applets during data ...
How severe is CVE-2004-1029?
CVE-2004-1029 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1029?
Check the references section above for vendor advisories and patch information. Affected products include: HP Java SDK-RTE, Sun JDK, Sun JRE, Symantec Enterprise Firewall, Conectiva Linux.