Java Plug-in Vulnerability in Xalan Processor by Apache
CVE-2003-1516

Currently unrated

Key Information:

Vendor

Oracle
Status
Java Plug-in
Vendor
CVE Published:
31 December 2003

What is CVE-2003-1516?

The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in version 1.4.2_01 contains a vulnerability that allows both signed and unsigned applets to share variables. This breaches the Java security model, enabling remote attackers to potentially read or modify sensitive data belonging to a signed applet, leading to serious security implications. Users of this Java Plug-in version should take immediate action to mitigate the risks associated with this flaw, ensuring their applet implementations are secure.

References

http://www.securityfocus.com/archive/1/341815
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/8857
vdb-entryx_refsource_BID

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.