exploitDog

CVE-2003-1229

Published: 31 Dec 2003
Source: nvd
CVSS2: 7.5
EPSS: Low

Description

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
Versions from 1.3.0 (inclusive) to 1.4.1 (inclusive)
cpe:2.3:a:sun:java_web_start:*:*:*:*:*:*:*:*
Versions from 1.0 (inclusive) to 1.2 (inclusive)
cpe:2.3:a:sun:jsse:1.0.3:*:*:*:*:*:*:*

EPSS

Percentile: 79%
0.01293
Low

7.5 High

CVSS2

Weaknesses

CWE-295

Related vulnerabilities

github
almost 4 years ago

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

EPSS

Percentile: 79%
0.01293
Low

7.5 High

CVSS2

Weaknesses

CWE-295