Vulnerability Description
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jre | 1.4.0 |
| Sun | Sdk | 1.4.0 |
Related Weaknesses (CWE)
References
- http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html
- http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/
- http://secunia.com/advisories/12206Vendor Advisory
- http://securitytracker.com/id?1011661
- http://www.osvdb.org/8288
- http://www.securityfocus.com/archive/1/371208
- http://www.securityfocus.com/bid/10844
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16864
- http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html
- http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/
- http://secunia.com/advisories/12206Vendor Advisory
- http://securitytracker.com/id?1011661
- http://www.osvdb.org/8288
- http://www.securityfocus.com/archive/1/371208
- http://www.securityfocus.com/bid/10844
FAQ
What is CVE-2004-2764?
CVE-2004-2764 is a vulnerability with a CVSS score of 10.0 (HIGH). Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read dat...
How severe is CVE-2004-2764?
CVE-2004-2764 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2764?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Jre, Sun Sdk.