Back to search
CVE-2004-1029
Published: Nov 24, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20041122 Sun Java Plugin Arbitrary Package Access Vulnerability
third-party-advisory
x_refsource_IDEFENSE
http://jouko.iki.fi/adv/javaplugin.html
x_refsource_MISC
oval:org.mitre.oval:def:5674
vdb-entry
signature
x_refsource_OVAL
APPLE-SA-2005-02-22
vendor-advisory
x_refsource_APPLE
13271
third-party-advisory
x_refsource_SECUNIA
29035
third-party-advisory
x_refsource_SECUNIA
61
third-party-advisory
x_refsource_SREASON
12317
vdb-entry
x_refsource_BID
ADV-2008-0599
vdb-entry
x_refsource_VUPEN
sdk-jre-applet-restriction-bypass(18188)
vdb-entry
x_refsource_XF
101523
vendor-advisory
x_refsource_SUNALERT
VU#760344
third-party-advisory
x_refsource_CERT-VN
http://www-1.ibm.com/support/docview.wss?uid=swg21257249
x_refsource_CONFIRM
57591
vendor-advisory
x_refsource_SUNALERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now