CVE-2004-1029
NONE EPSS 96.7%
Published Mar 1, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
Threat Intelligence
EPSS Exploit Probability
96.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-264
Affected Products 157
| Vendor | Product | Version | Range |
|---|---|---|---|
| hp | java_sdk-rte | 1.3 | any |
| hp | java_sdk-rte | 1.4 | any |
| sun | jdk | 1.3.1_01 | any |
| sun | jdk | 1.3.1_01 | any |
| sun | jdk | 1.3.1_01a | any |
| sun | jdk | 1.3.1_02 | any |
| sun | jdk | 1.3.1_02 | any |
| sun | jdk | 1.3.1_02 | any |
| sun | jdk | 1.3.1_03 | any |
| sun | jdk | 1.3.1_03 | any |
| sun | jdk | 1.3.1_03 | any |
| sun | jdk | 1.3.1_04 | any |
| sun | jdk | 1.3.1_05 | any |
| sun | jdk | 1.3.1_05 | any |
| sun | jdk | 1.3.1_05 | any |
| sun | jdk | 1.3.1_06 | any |
| sun | jdk | 1.3.1_06 | any |
| sun | jdk | 1.3.1_06 | any |
| sun | jdk | 1.3.1_07 | any |
| sun | jdk | 1.3.1_07 | any |
| sun | jdk | 1.3.1_07 | any |
| sun | jdk | 1.4 | any |
| sun | jdk | 1.4 | any |
| sun | jdk | 1.4 | any |
| sun | jdk | 1.4.0_01 | any |
| sun | jdk | 1.4.0_02 | any |
| sun | jdk | 1.4.0_02 | any |
| sun | jdk | 1.4.0_02 | any |
| sun | jdk | 1.4.0_03 | any |
| sun | jdk | 1.4.0_03 | any |
| sun | jdk | 1.4.0_03 | any |
| sun | jdk | 1.4.0_4 | any |
| sun | jdk | 1.4.0_4 | any |
| sun | jdk | 1.4.0_4 | any |
| sun | jdk | 1.4.1 | any |
| sun | jdk | 1.4.1 | any |
| sun | jdk | 1.4.1 | any |
| sun | jdk | 1.4.1_01 | any |
| sun | jdk | 1.4.1_01 | any |
| sun | jdk | 1.4.1_01 | any |
| sun | jdk | 1.4.1_02 | any |
| sun | jdk | 1.4.1_02 | any |
| sun | jdk | 1.4.1_02 | any |
| sun | jdk | 1.4.1_03 | any |
| sun | jdk | 1.4.1_03 | any |
| sun | jdk | 1.4.1_03 | any |
| sun | jdk | 1.4.2 | any |
| sun | jdk | 1.4.2 | any |
| sun | jdk | 1.4.2 | any |
| sun | jdk | 1.4.2_01 | any |
| sun | jdk | 1.4.2_02 | any |
| sun | jdk | 1.4.2_03 | any |
| sun | jdk | 1.4.2_03 | any |
| sun | jdk | 1.4.2_03 | any |
| sun | jdk | 1.4.2_04 | any |
| sun | jdk | 1.4.2_04 | any |
| sun | jdk | 1.4.2_04 | any |
| sun | jdk | 1.4.2_05 | any |
| sun | jdk | 1.4.2_05 | any |
| sun | jdk | 1.4.2_05 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.0 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1 | any |
| sun | jre | 1.3.1_02 | any |
| sun | jre | 1.3.1_02 | any |
| sun | jre | 1.3.1_02 | any |
| sun | jre | 1.3.1_03 | any |
| sun | jre | 1.3.1_03 | any |
| sun | jre | 1.3.1_03 | any |
| sun | jre | 1.3.1_05 | any |
| sun | jre | 1.3.1_05 | any |
| sun | jre | 1.3.1_05 | any |
| sun | jre | 1.3.1_06 | any |
| sun | jre | 1.3.1_06 | any |
| sun | jre | 1.3.1_06 | any |
| sun | jre | 1.3.1_07 | any |
| sun | jre | 1.3.1_07 | any |
| sun | jre | 1.3.1_07 | any |
| sun | jre | 1.3.1_09 | any |
| sun | jre | 1.3.1_09 | any |
| sun | jre | 1.3.1_09 | any |
| sun | jre | 1.4 | any |
| sun | jre | 1.4 | any |
| sun | jre | 1.4 | any |
| sun | jre | 1.4.0_01 | any |
| sun | jre | 1.4.0_01 | any |
| sun | jre | 1.4.0_02 | any |
| sun | jre | 1.4.0_02 | any |
| sun | jre | 1.4.0_02 | any |
| sun | jre | 1.4.0_03 | any |
| sun | jre | 1.4.0_03 | any |
| sun | jre | 1.4.0_03 | any |
| sun | jre | 1.4.0_04 | any |
| sun | jre | 1.4.0_04 | any |
| sun | jre | 1.4.0_04 | any |
| sun | jre | 1.4.1 | any |
| sun | jre | 1.4.1 | any |
| sun | jre | 1.4.1 | any |
| sun | jre | 1.4.1 | any |
| sun | jre | 1.4.1 | any |
| sun | jre | 1.4.1 | any |
| sun | jre | 1.4.1_01 | any |
| sun | jre | 1.4.1_01 | any |
| sun | jre | 1.4.1_01 | any |
| sun | jre | 1.4.1_02 | any |
| sun | jre | 1.4.1_02 | any |
| sun | jre | 1.4.1_02 | any |
| sun | jre | 1.4.1_07 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| sun | jre | 1.4.2 | any |
| symantec | enterprise_firewall | 8.0 | any |
| symantec | enterprise_firewall | 8.0 | any |
| symantec | enterprise_firewall | 8.0 | any |
| conectiva | linux | 10.0 | any |
| gentoo | linux | * | any |
| hp | hp-ux | 11.00 | any |
| hp | hp-ux | 11.11 | any |
| hp | hp-ux | 11.22 | any |
| hp | hp-ux | 11.23 | any |
| symantec | gateway_security_5400 | 2.0 | any |
| symantec | gateway_security_5400 | 2.0.1 | any |
References 15
- jouko.iki.fi http://jouko.iki.fi/adv/javaplugin.html
- lists.apple.com http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
- rpmfind.net http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
- secunia.com http://secunia.com/advisories/13271
- secunia.com http://secunia.com/advisories/29035
- securityreason.com http://securityreason.com/securityalert/61
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
- www-1.ibm.com http://www-1.ibm.com/support/docview.wss?uid=swg21257249
- idefense.com http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
- kb.cert.org http://www.kb.cert.org/vuls/id/760344
- securityfocus.com http://www.securityfocus.com/bid/12317
- vupen.com http://www.vupen.com/english/advisories/2008/0599
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
Remediation
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
- sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
- securityfocus.com http://www.securityfocus.com/bid/12317