CVE-2003-1229 Information
Description
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificates and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
Reference
http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html
http://java.sun.com/products/jsse/CHANGES.txt
http://secunia.com/advisories/7943
http://securitytracker.com/id?1006007
http://securitytracker.com/id?1007483
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1
http://www.securityfocus.com/bid/6682
http://www.securitytracker.com/id?1006001
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239
https://exchange.xforce.ibmcloud.com/vulnerabilities/11182
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5883