CVE-2004-1029

NONE EPSS 96.7%
Published Mar 1, 200521y ago · Modified Jun 16, 20262w ago
Find Similar
Published Mar 1, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Threat Intelligence

EPSS Exploit Probability
96.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-264

Affected Products 157

VendorProductVersionRange
hpjava_sdk-rte1.3any
hpjava_sdk-rte1.4any
sunjdk1.3.1_01any
sunjdk1.3.1_01any
sunjdk1.3.1_01aany
sunjdk1.3.1_02any
sunjdk1.3.1_02any
sunjdk1.3.1_02any
sunjdk1.3.1_03any
sunjdk1.3.1_03any
sunjdk1.3.1_03any
sunjdk1.3.1_04any
sunjdk1.3.1_05any
sunjdk1.3.1_05any
sunjdk1.3.1_05any
sunjdk1.3.1_06any
sunjdk1.3.1_06any
sunjdk1.3.1_06any
sunjdk1.3.1_07any
sunjdk1.3.1_07any
sunjdk1.3.1_07any
sunjdk1.4any
sunjdk1.4any
sunjdk1.4any
sunjdk1.4.0_01any
sunjdk1.4.0_02any
sunjdk1.4.0_02any
sunjdk1.4.0_02any
sunjdk1.4.0_03any
sunjdk1.4.0_03any
sunjdk1.4.0_03any
sunjdk1.4.0_4any
sunjdk1.4.0_4any
sunjdk1.4.0_4any
sunjdk1.4.1any
sunjdk1.4.1any
sunjdk1.4.1any
sunjdk1.4.1_01any
sunjdk1.4.1_01any
sunjdk1.4.1_01any
sunjdk1.4.1_02any
sunjdk1.4.1_02any
sunjdk1.4.1_02any
sunjdk1.4.1_03any
sunjdk1.4.1_03any
sunjdk1.4.1_03any
sunjdk1.4.2any
sunjdk1.4.2any
sunjdk1.4.2any
sunjdk1.4.2_01any
sunjdk1.4.2_02any
sunjdk1.4.2_03any
sunjdk1.4.2_03any
sunjdk1.4.2_03any
sunjdk1.4.2_04any
sunjdk1.4.2_04any
sunjdk1.4.2_04any
sunjdk1.4.2_05any
sunjdk1.4.2_05any
sunjdk1.4.2_05any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.0any
sunjre1.3.1any
sunjre1.3.1any
sunjre1.3.1any
sunjre1.3.1any
sunjre1.3.1any
sunjre1.3.1any
sunjre1.3.1any
sunjre1.3.1any
sunjre1.3.1any
sunjre1.3.1any
sunjre1.3.1_02any
sunjre1.3.1_02any
sunjre1.3.1_02any
sunjre1.3.1_03any
sunjre1.3.1_03any
sunjre1.3.1_03any
sunjre1.3.1_05any
sunjre1.3.1_05any
sunjre1.3.1_05any
sunjre1.3.1_06any
sunjre1.3.1_06any
sunjre1.3.1_06any
sunjre1.3.1_07any
sunjre1.3.1_07any
sunjre1.3.1_07any
sunjre1.3.1_09any
sunjre1.3.1_09any
sunjre1.3.1_09any
sunjre1.4any
sunjre1.4any
sunjre1.4any
sunjre1.4.0_01any
sunjre1.4.0_01any
sunjre1.4.0_02any
sunjre1.4.0_02any
sunjre1.4.0_02any
sunjre1.4.0_03any
sunjre1.4.0_03any
sunjre1.4.0_03any
sunjre1.4.0_04any
sunjre1.4.0_04any
sunjre1.4.0_04any
sunjre1.4.1any
sunjre1.4.1any
sunjre1.4.1any
sunjre1.4.1any
sunjre1.4.1any
sunjre1.4.1any
sunjre1.4.1_01any
sunjre1.4.1_01any
sunjre1.4.1_01any
sunjre1.4.1_02any
sunjre1.4.1_02any
sunjre1.4.1_02any
sunjre1.4.1_07any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
sunjre1.4.2any
symantecenterprise_firewall8.0any
symantecenterprise_firewall8.0any
symantecenterprise_firewall8.0any
conectivalinux10.0any
gentoolinux*any
hphp-ux11.00any
hphp-ux11.11any
hphp-ux11.22any
hphp-ux11.23any
symantecgateway_security_54002.0any
symantecgateway_security_54002.0.1any

References 15

  • jouko.iki.fi http://jouko.iki.fi/adv/javaplugin.html
  • lists.apple.com http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
  • rpmfind.net http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
  • secunia.com http://secunia.com/advisories/13271
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/29035
    Vendor Advisory
  • securityreason.com http://securityreason.com/securityalert/61
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
    PatchVendor Advisory
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
    PatchVendor Advisory
  • www-1.ibm.com http://www-1.ibm.com/support/docview.wss?uid=swg21257249
  • idefense.com http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
  • kb.cert.org http://www.kb.cert.org/vuls/id/760344
    US Government Resource
  • securityfocus.com http://www.securityfocus.com/bid/12317
    Patch
  • vupen.com http://www.vupen.com/english/advisories/2008/0599
    Vendor Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674

Remediation

  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
    PatchVendor Advisory
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
    PatchVendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/12317
    Patch