Improper Certificate Validation in Java Secure Socket Extension by Sun Microsystems
CVE-2003-1229

Currently unrated

Key Information:

Vendor: Oracle
Status: Jre; Jdk; Java Web Start; Jsse
Vendor: CVE Published:; 31 December 2003

What is CVE-2003-1229?

The Java Secure Socket Extension (JSSE) in several versions of the Java SDK and JRE contains a vulnerability in the X509TrustManager component that improperly calls the isClientTrusted method. This flaw allows remote attackers to potentially authenticate as trusted peers in SSL connections and incorrectly validate signed JAR files, leading to security risks associated with unauthorized access and data integrity issues.

References

http://www.securitytracker.com/id?1006001

vdb-entryx_refsource_SECTRACK

http://securitytracker.com/id?1007483

vdb-entryx_refsource_SECTRACK

http://securitytracker.com/id?1006007

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability Reserved
Aug 17, 2005
Vulnerability published
Dec 31, 2003

Oracle

What is CVE-2003-1229?

References

Timeline