Back to search
CVE-2003-1229
Published: Aug 17, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1006001
vdb-entry
x_refsource_SECTRACK
1007483
vdb-entry
x_refsource_SECTRACK
1006007
vdb-entry
x_refsource_SECTRACK
http://java.sun.com/products/jsse/CHANGES.txt
x_refsource_CONFIRM
HPSBUX0301-239
vendor-advisory
x_refsource_HP
sun-java-improper-validation(11182)
vdb-entry
x_refsource_XF
7943
third-party-advisory
x_refsource_SECUNIA
6682
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:5883
vdb-entry
signature
x_refsource_OVAL
50081
vendor-advisory
x_refsource_SUNALERT
20030128 Incorrect Certificate Validation in Java Secure Socket Extension
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now