CVE-2003-1229

Currently unrated

Key Information:

Vendor: Oracle
Status: Jre; Jdk; Java Web Start; Jsse
Vendor: CVE Published:; 31 December 2003

Summary

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

References

http://www.securitytracker.com/id?1006001

vdb-entryx_refsource_SECTRACK

http://securitytracker.com/id?1007483

vdb-entryx_refsource_SECTRACK

http://securitytracker.com/id?1006007

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability Reserved
Aug 17, 2005
Vulnerability published
Dec 31, 2003