Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2003-1229

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Published

2003-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	jre	≤ 1.4.1	Yes
Application	sun	java_web_start	≤ 1.2	Yes
Application	sun	jsse	1.0.3	Yes

References

http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html Broken Link ([email protected])
http://java.sun.com/products/jsse/CHANGES.txt Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/7943 Broken Link, Patch, Vendor Advisory ([email protected])
http://securitytracker.com/id?1006007 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://securitytracker.com/id?1007483 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1 Broken Link, Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/6682 Broken Link, Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1006001 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/11182 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883 Broken Link ([email protected])
http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://java.sun.com/products/jsse/CHANGES.txt Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/7943 Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1006007 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1007483 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1 Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/6682 Broken Link, Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1006001 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11182 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883 Broken Link (af854a3a-2127-422b-91ae-364da2661108)