CVE-2004-1029

Currently unrated

Key Information:

Vendor: Oracle
Status: Jre; Enterprise Firewall; Jdk; Java Sdk-rte
Vendor: CVE Published:; 1 March 2005

Summary

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

References

http://www.idefense.com/application/poi/display?id=158&ty...

third-party-advisoryx_refsource_IDEFENSE

http://jouko.iki.fi/adv/javaplugin.html

x_refsource_MISC

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 1, 2005
Vulnerability Reserved
Nov 12, 2004