ID

VAR-200503-0071


CVE

CVE-2004-1029


TITLE

Sun Java Plug-in fails to restrict access to private Java packages

Trust: 0.8

sources: CERT/CC: VU#760344

DESCRIPTION

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets.

Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Multiple vulnerabilities exist in various Oracle products and their components. Depending on the target product, a third party could remotely execute any command or code, leak information in the database, or disrupt service operation (Denial-of-Service, DoS).

Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. If a vulnerable version is still installed on the computer, it may be possible to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757).

Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite, and Oracle Express Server are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for July 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well.

The issue is that documents may be served with weaker SSL encryption than configured in Oracle HTTP Server. This could result in a false sense of security. Oracle has not released any further information about this weakness.

The first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet. This issue occurs only in Internet Explorer running on Windows. The second issue allows an untrusted applet to interfere with another applet embedded in the same web page. This issue occurs in Java running on Windows, Solaris, and Linux.

A remote attacker can use this vulnerability to bypass the Java "sandbox" and all restrictions to access restricted resources and systems.

BACKGROUND

Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition (JRE), establishes a connection between popular browsers and the Java platform. This connection enables applets on Web sites to be run within a browser on the desktop.

II.

A number of private Java packages exist within the Java Virtual Machine (VM) and are used internally by the VM. Security restrictions prevent Applets from accessing these packages. Any attempt to access these packages results in an 'AccessControlException' being thrown, unless the Applet is signed and the user has chosen to trust the issuer.

III. ANALYSIS

Successful exploitation allows remote attackers to execute hostile Applets that can access, download, upload or execute arbitrary files as well as access the network. A target user must be running a browser on top of a vulnerable Java Virtual Machine to be affected. It is possible for an attacker to create a cross-platform, cross-browser exploit for this vulnerability. Once compromised, an attacker can execute arbitrary code under the privileges of the user who instantiated the vulnerable browser.

IV. DETECTION

iDEFENSE has confirmed the existence of this vulnerability in Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun Microsystems. Various browsers such as Internet Explorer, Mozilla and Firefox on both Windows and Unix platforms can be exploited if they are running a vulnerable Java Virtual Machine.

V.

Other Java Virtual Machines, such as the Microsoft VM, are available and can be used as an alternative.

VI. VENDOR RESPONSE

This issue has been fixed in J2SE v 1.4.2_06 available at: http://java.sun.com/j2se/1.4.2/download.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1029 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

06/29/2004 Initial vendor notification
06/30/2004 Initial vendor response
08/16/2004 iDEFENSE clients notified
11/22/2004 Public disclosure

IX. CREDIT

Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery. Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp

X. LEGAL NOTICES

Copyright © 2004 iDEFENSE, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Trust: 5.04

sources: NVD: CVE-2004-1029 // CERT/CC: VU#760344 // CERT/CC: VU#613562 // JVNDB: JVNDB-2004-000497 // JVNDB: JVNDB-2005-000876 // BID: 11726 // BID: 14238 // BID: 14279 // BID: 12317 // VULHUB: VHN-9459 // PACKETSTORM: 35118

AFFECTED PRODUCTS

vendor:sunmodel:jrescope:eqversion:1.4

Trust: 3.4

vendor:sunmodel:jrescope:eqversion:1.4.2

Trust: 2.8

vendor:sunmodel:jrescope:eqversion:1.4.1

Trust: 2.8

vendor:sunmodel:jrescope:eqversion:1.3.1

Trust: 1.9

vendor:sunmodel:jre .0 03scope:eqversion:1.4

Trust: 1.8

vendor:sunmodel:sdkscope:eqversion:1.4.2

Trust: 1.8

vendor:sunmodel:sdk .0 03scope:eqversion:1.4

Trust: 1.8

vendor:sunmodel:jre 09scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:jre .0 04scope:eqversion:1.4

Trust: 1.8

vendor:sunmodel:sdk 07scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:sdkscope:eqversion:1.4

Trust: 1.8

vendor:sunmodel:jre 01scope:eqversion:1.4.1

Trust: 1.8

vendor:sunmodel:jre 08scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:jre 03scope:eqversion:1.4.1

Trust: 1.8

vendor:sunmodel:sdk 02scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:jre 01scope:eqversion:1.4.2

Trust: 1.8

vendor:sunmodel:sdkscope:eqversion:1.4.1

Trust: 1.8

vendor:sunmodel:jre 07scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:jre 03scope:eqversion:1.4.2

Trust: 1.8

vendor:sunmodel:sdk 05scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:jre 02scope:eqversion:1.4.1

Trust: 1.8

vendor:sunmodel:sdk 04scope:eqversion:1.4.2

Trust: 1.8

vendor:sunmodel:sdk 01scope:eqversion:1.4.1

Trust: 1.8

vendor:sunmodel:jre 04scope:eqversion:1.4.2

Trust: 1.8

vendor:sunmodel:sdk 03scope:eqversion:1.4.1

Trust: 1.8

vendor:sunmodel:sdk 06scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:jre 02scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:sdk .0 4scope:eqversion:1.4

Trust: 1.8

vendor:sunmodel:jre 05scope:eqversion:1.4.2

Trust: 1.8

vendor:sunmodel:sdk 03scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:sdk 02scope:eqversion:1.4.1

Trust: 1.8

vendor:sunmodel:jre .0 02scope:eqversion:1.4

Trust: 1.8

vendor:sunmodel:sdk 05scope:eqversion:1.4.2

Trust: 1.8

vendor:sunmodel:jre 03scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:sdk .0 02scope:eqversion:1.4

Trust: 1.8

vendor:sunmodel:jre 05scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:jre 06scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:jre 02scope:eqversion:1.4.2

Trust: 1.8

vendor:sunmodel:sdk 03scope:eqversion:1.4.2

Trust: 1.8

vendor:sunmodel:jre 01scope:eqversion:1.3.1

Trust: 1.8

vendor:sunmodel:jrescope:eqversion:1.4.0_01

Trust: 1.6

vendor:sunmodel:jrescope:eqversion:1.3.1_07

Trust: 1.6

vendor:sunmodel:jrescope:eqversion:1.3.1_09

Trust: 1.6

vendor:sunmodel:jre 04scope:eqversion:1.3.1

Trust: 1.5

vendor:symantecmodel:enterprise firewallscope:eqversion:8.0

Trust: 1.3

vendor:sunmodel:jrescope:eqversion:1.3.0

Trust: 1.3

vendor:sunmodel:sdk 01scope:eqversion:1.3.1

Trust: 1.2

vendor:sunmodel:jre .0 01scope:eqversion:1.4

Trust: 1.2

vendor:hpmodel:java sdk-rtescope:eqversion:1.4

Trust: 1.0

vendor:hpmodel:java sdk-rtescope:eqversion:1.3

Trust: 1.0

vendor:symantecmodel:gateway security 5400scope:eqversion:2.0

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.3.1_04

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.0_02

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.1

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.0_02

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.3.1_06

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.3.1_06

Trust: 1.0

vendor:conectivamodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:11.23

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_03

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.3.1_01

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.3.1_03

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.3.1_03

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.1_02

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.1_02

Trust: 1.0

vendor:gentoomodel:linuxscope:eqversion:*

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:11.11

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.0_4

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.1_03

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.3.1_01a

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_05

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_04

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.3.1_07

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_02

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.1_07

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:11.00

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_01

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:11.22

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.3.1_05

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.3.1_05

Trust: 1.0

vendor:symantecmodel:gateway security 5400scope:eqversion:2.0.1

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.0_04

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.0_03

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.0_03

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.3.1_02

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.3.1_02

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.0_01

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.1_01

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.1_01

Trust: 1.0

vendor:sunmodel:jre .0 02scope:eqversion:1.3

Trust: 0.9

vendor:sunmodel:jre 06scope:neversion:1.4.2

Trust: 0.9

vendor:sunmodel:jre 01ascope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:jre .0 05scope:eqversion:1.3

Trust: 0.9

vendor:sunmodel:jre 11scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:sdk 12scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:sdk 11scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:jre 10scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:sdk 09scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:jre 13scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:sdk 08scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:sdk 10scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:jre 12scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:sdk 14scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:jre 14scope:eqversion:1.3.1

Trust: 0.9

vendor:sunmodel:sdk 13scope:eqversion:1.3.1

Trust: 0.9

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel:notesscope:lteversion:6.5.6

Trust: 0.8

vendor:ibmmodel:notesscope:lteversion:7.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:1.3.1_12

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:eqversion:1.4.1

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:1.4.2_05

Trust: 0.8

vendor:sun microsystemsmodel:sdkscope:lteversion:1.3.1_12

Trust: 0.8

vendor:sun microsystemsmodel:sdkscope:eqversion:1.4.1

Trust: 0.8

vendor:sun microsystemsmodel:sdkscope:lteversion:1.4.2_05

Trust: 0.8

vendor:symantecmodel:enterprise firewallscope:eqversion:v8.0

Trust: 0.8

vendor:symantecmodel:gateway security 5400 seriesscope:eqversion:v2.0

Trust: 0.8

vendor:symantecmodel:gateway security 5400 seriesscope:eqversion:v2.0.1

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.00

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.22

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:10g

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:10g

Trust: 0.8

vendor:oraclemodel:e-business suitescope:eqversion:11i

Trust: 0.8

vendor:oraclemodel:enterprise managerscope:eqversion:10g

Trust: 0.8

vendor:oraclemodel:jinitiatorscope: - version: -

Trust: 0.8

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.6

vendor:oraclemodel:oracle10g application serverscope:eqversion:9.0.4.0

Trust: 0.6

vendor:sunmodel:sdk 01ascope:eqversion:1.3.1

Trust: 0.6

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.0.1.5

Trust: 0.6

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.3.1

Trust: 0.6

vendor:sunmodel:jre .0 04scope:eqversion:1.3

Trust: 0.6

vendor:oraclemodel:enterprise manager database control 10gscope:eqversion:10.1.0.2

Trust: 0.6

vendor:oraclemodel:enterprise manager database control 10gscope:eqversion:10.1.0.4

Trust: 0.6

vendor:oraclemodel:jinitiatorscope:eqversion:1.3.1

Trust: 0.6

vendor:oraclemodel:enterprise manager grid control 10gscope:eqversion:10.1.3

Trust: 0.6

vendor:oraclemodel:oracle10g standard editionscope:eqversion:10.1.0.4

Trust: 0.6

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.2.0.5

Trust: 0.6

vendor:oraclemodel:oracle8i enterprise editionscope:eqversion:8.1.7.4.0

Trust: 0.6

vendor:sunmodel:sdk 01scope:eqversion:1.4.2

Trust: 0.6

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.2.6

Trust: 0.6

vendor:sunmodel:sdk .0 01scope:eqversion:1.4

Trust: 0.6

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.0.1.4

Trust: 0.6

vendor:oraclemodel:oracle8scope:eqversion:8.0.6

Trust: 0.6

vendor:oraclemodel:oracle10g personal editionscope:eqversion:10.1.0.3

Trust: 0.6

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.0.1.4

Trust: 0.6

vendor:oraclemodel:enterprise manager application server controlscope:eqversion:9.0.4.1

Trust: 0.6

vendor:oraclemodel:oracle8i standard editionscope:eqversion:8.1.7.4

Trust: 0.6

vendor:oraclemodel:oracle8scope:eqversion:8.0.6.3

Trust: 0.6

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.2.0.5

Trust: 0.6

vendor:sunmodel:sdk 04scope:eqversion:1.3.1

Trust: 0.6

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.0.1.5

Trust: 0.6

vendor:oraclemodel:oracle10g personal editionscope:eqversion:10.1.0.2

Trust: 0.6

vendor:oraclemodel:workflowscope:eqversion:11.5.9.5

Trust: 0.6

vendor:oraclemodel:oracle10g personal editionscope:eqversion:10.1.0.4

Trust: 0.6

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.0.1.5

Trust: 0.6

vendor:sunmodel:jrescope:eqversion:1.3

Trust: 0.6

vendor:oraclemodel:jinitiatorscope:eqversion:1.1.8

Trust: 0.6

vendor:oraclemodel:enterprise manager application server controlscope:eqversion:9.0.4.0

Trust: 0.6

vendor:oraclemodel:workflowscope:eqversion:11.5.1

Trust: 0.6

vendor:sunmodel:jre 07scope:eqversion:1.4.1

Trust: 0.6

vendor:sunmodel:sdk 02scope:eqversion:1.4.2

Trust: 0.6

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.6

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.2.0.5

Trust: 0.6

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2.2

Trust: 0.6

vendor:oraclemodel:oracle10g application serverscope:eqversion:9.0.4.1

Trust: 0.6

vendor:oraclemodel:enterprise manager grid control 10gscope:eqversion:10.1.0.2

Trust: 0.6

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.2.3

Trust: 0.6

vendor:oraclemodel:forms and reportsscope:eqversion:6.0.8.25

Trust: 0.6

vendor:oraclemodel:oracle10g enterprise editionscope:eqversion:10.1.0.3

Trust: 0.6

vendor:oraclemodel:oracle10g standard editionscope:eqversion:10.1.0.3

Trust: 0.6

vendor:oraclemodel:forms and reportsscope:eqversion:4.5.10.22

Trust: 0.6

vendor:oraclemodel:express serverscope:eqversion:6.3.4.0

Trust: 0.6

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.2.6.0

Trust: 0.6

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.2.6

Trust: 0.6

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.0.1.4

Trust: 0.6

vendor:oraclemodel:oracle10g enterprise editionscope:eqversion:10.1.0.2

Trust: 0.6

vendor:oraclemodel:oracle10g standard editionscope:eqversion:10.1.0.2

Trust: 0.6

vendor:oraclemodel:oracle10g enterprise editionscope:eqversion:10.1.0.4

Trust: 0.6

vendor:oraclemodel:enterprise manager database control 10gscope:eqversion:10.1.0.3

Trust: 0.6

vendor:sunmodel:jre 06scope:eqversion:1.4.2

Trust: 0.6

vendor:s u s emodel:linux personalscope:eqversion:8.2

Trust: 0.3

vendor:susemodel:linuxscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:sunmodel:java runtime environmentscope:eqversion:21.4.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.22scope: - version: -

Trust: 0.3

vendor:sunmodel:java runtime environmentscope:eqversion:21.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:symantecmodel:enterprise firewall nt/2000scope:eqversion:8.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:oraclemodel:http server for serverscope:eqversion:9.0.1

Trust: 0.3

vendor:symantecmodel:gateway securityscope:eqversion:54002.0.1

Trust: 0.3

vendor:susemodel:linux i386scope:eqversion:8.0

Trust: 0.3

vendor:s u s emodel:linux personalscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.2.0

Trust: 0.3

vendor:sunmodel:java runtime environment 05scope:eqversion:21.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:symantecmodel:gateway securityscope:eqversion:54002.0

Trust: 0.3

vendor:sunmodel:jre .0 01scope:eqversion:1.3

Trust: 0.3

vendor:sunmodel:jre 04scope:eqversion:1.3

Trust: 0.3

vendor:susemodel:linuxscope:eqversion:8.1

Trust: 0.3

vendor:oraclemodel:http server for serverscope:eqversion:8.1.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.8

Trust: 0.3

vendor:oraclemodel:http server roll upscope:eqversion:1.0.2.22

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:sunmodel:jre 03scope:eqversion:1.3

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.2.3

Trust: 0.3

vendor:sunmodel:java desktop systemscope:eqversion:2003

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.1

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.3.1

Trust: 0.3

vendor:oraclemodel:http server for apps only .1sscope:eqversion:1.0.2

Trust: 0.3

vendor:symantecmodel:enterprise firewall solarisscope:eqversion:8.0

Trust: 0.3

vendor:sunmodel:jre .0 03scope:eqversion:1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.6

Trust: 0.3

vendor:s u s emodel:linux personalscope:eqversion:9.2

Trust: 0.3

vendor:s u s emodel:linux personalscope:eqversion:9.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.2

Trust: 0.3

vendor:sunmodel:java runtime environment 02scope:eqversion:21.3

Trust: 0.3

vendor:sunmodel:java desktop systemscope:eqversion:2.0

Trust: 0.3

vendor:oraclemodel:http server for serverscope:eqversion:9.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.1

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:1.0.2.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.00scope: - version: -

Trust: 0.3

vendor:sunmodel:jre 01scope:eqversion:1.3

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:8.1.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.7

Trust: 0.3

vendor:sunmodel:java runtime environmentscope:eqversion:21.3

Trust: 0.3

vendor:s u s emodel:linux personal x86 64scope:eqversion:9.0

Trust: 0.3

vendor:hpmodel:java sdk/rte for hp-ux pa-riscscope:eqversion:1.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:1.0.2.0

Trust: 0.3

vendor:hpmodel:java sdk/rte for hp-ux pa-riscscope:eqversion:1.3

Trust: 0.3

vendor:sunmodel:java runtime environment 01scope:eqversion:21.3.1

Trust: 0.3

vendor:sunmodel:java runtime environment 08scope:eqversion:21.3.1

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.10

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.9

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.8

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.7

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.6

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.5

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.4

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.3

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.2

Trust: 0.3

vendor:oraclemodel:e-business suite 11iscope:eqversion:11.5.1

Trust: 0.3

vendor:oraclemodel:e-business suitescope:eqversion:11.0

Trust: 0.3

vendor:oraclemodel:developer suitescope:eqversion:10.1.2

Trust: 0.3

vendor:oraclemodel:developer suitescope:eqversion:9.0.5

Trust: 0.3

vendor:oraclemodel:developer suitescope:eqversion:9.0.4.1

Trust: 0.3

vendor:oraclemodel:developer suitescope:eqversion:9.0.4

Trust: 0.3

vendor:oraclemodel:developer suitescope:eqversion:9.0.2.3

Trust: 0.3

vendor:oraclemodel:collaboration suite releasescope:eqversion:29.0.4.2

Trust: 0.3

vendor:oraclemodel:collaboration suite releasescope:eqversion:29.0.4.1

Trust: 0.3

vendor:oraclemodel:oracle9i application server web cachescope:eqversion:9.0.2.3

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:5.0.12

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.0.5

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.5.5

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:5.0.3

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:7.0.1

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.5.1

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.5

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.5.3

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.5.6

Trust: 0.3

vendor:ibmmodel:lotus notesscope:neversion:7.0.2

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.5.2

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.0.4

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:lotus notes fp3scope:eqversion:6.5.5

Trust: 0.3

vendor:ibmmodel:lotus notes fp2scope:eqversion:6.5.5

Trust: 0.3

vendor:ibmmodel:lotus notes fp2scope:eqversion:6.5.6

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.0.3

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:6.5.4

Trust: 0.3

sources: CERT/CC: VU#760344 // CERT/CC: VU#613562 // BID: 11726 // BID: 14238 // BID: 14279 // BID: 12317 // JVNDB: JVNDB-2004-000497 // JVNDB: JVNDB-2005-000876 // CNNVD: CNNVD-200503-002 // NVD: CVE-2004-1029

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1029
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#760344
value: 17.55

Trust: 0.8

CARNEGIE MELLON: VU#613562
value: 55.60

Trust: 0.8

NVD: CVE-2004-1029
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200503-002
value: CRITICAL

Trust: 0.6

VULHUB: VHN-9459
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-1029
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2004-1029
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-9459
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#760344 // CERT/CC: VU#613562 // VULHUB: VHN-9459 // JVNDB: JVNDB-2004-000497 // CNNVD: CNNVD-200503-002 // NVD: CVE-2004-1029

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-9459 // JVNDB: JVNDB-2004-000497 // NVD: CVE-2004-1029

THREAT TYPE

network

Trust: 1.2

sources: BID: 11726 // BID: 14238 // BID: 14279 // BID: 12317

TYPE

Access Validation Error

Trust: 0.6

sources: BID: 11726 // BID: 12317

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000497

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-9459

PATCH

title: HPSBUX01214
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00897307

Trust: 0.8

title: HPSBUX01100
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00899041

Trust: 0.8

title: HPSBUX01214
url: http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01214.html

Trust: 0.8

title: HPSBUX01100
url: http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01100.html

Trust: 0.8

title: 1257249
url: http://www-1.ibm.com/support/docview.wss?uid=swg21257249

Trust: 0.8

title: j2sdk
url: http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=45#update_content

Trust: 0.8

title: jdksetup
url: http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=22#update_content

Trust: 0.8

title: 201660
url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201660-1

Trust: 0.8

title: SYM05-001
url: http://securityresponse.symantec.com/avcenter/security/Content/2005.01.04.html

Trust: 0.8

title: SYM05-001
url: http://www.symantec.com/region/jp/avcenter/security/content/2005.01.04.html

Trust: 0.8

title: Critical Patch Update - July 2005
url: http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html

Trust: 0.8

title: Critical Patch Updates and Security Alerts
url: http://www.oracle.com/technology/deploy/security/alerts.htm

Trust: 0.8

title: Map of Public Vulnerability to Advisory/Alert
url: http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html

Trust: 0.8

title: Critical Patch Update - July 2005
url: http://otn.oracle.co.jp/security/050715_71/top.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000497 // JVNDB: JVNDB-2005-000876

EXTERNAL IDS

db: NVD
id: CVE-2004-1029

Trust: 3.5

db: SECUNIA
id: 13271

Trust: 3.3

db: CERT/CC
id: VU#760344

Trust: 3.3

db: BID
id: 12317

Trust: 2.0

db: VUPEN
id: ADV-2008-0599

Trust: 1.7

db: SECUNIA
id: 29035

Trust: 1.7

db: SREASON
id: 61

Trust: 1.7

db: CERT/CC
id: VU#613562

Trust: 1.6

db: XF
id: 18188

Trust: 1.4

db: BID
id: 11726

Trust: 1.2

db: BID
id: 14238

Trust: 1.1

db: BID
id: 14279

Trust: 1.1

db: JVNDB
id: JVNDB-2004-000497

Trust: 0.8

db: USCERT
id: TA05-194A

Trust: 0.8

db: JVNDB
id: JVNDB-2005-000876

Trust: 0.8

db: CNNVD
id: CNNVD-200503-002

Trust: 0.7

db: SUNALERT
id: 101523

Trust: 0.6

db: SUNALERT
id: 57591

Trust: 0.6

db: OVAL
id: OVAL:ORG.MITRE.OVAL:DEF:5674

Trust: 0.6

db: IDEFENSE
id: 20041122 SUN JAVA PLUGIN ARBITRARY PACKAGE ACCESS VULNERABILITY

Trust: 0.6

db: APPLE
id: APPLE-SA-2005-02-22

Trust: 0.6

db: PACKETSTORM
id: 35118

Trust: 0.2

db: EXPLOIT-DB
id: 24763

Trust: 0.1

db: SEEBUG
id: SSVID-78455

Trust: 0.1

db: VULHUB
id: VHN-9459

Trust: 0.1

sources: CERT/CC: VU#760344 // CERT/CC: VU#613562 // VULHUB: VHN-9459 // BID: 11726 // BID: 14238 // BID: 14279 // BID: 12317 // JVNDB: JVNDB-2004-000497 // JVNDB: JVNDB-2005-000876 // PACKETSTORM: 35118 // CNNVD: CNNVD-200503-002 // NVD: CVE-2004-1029

REFERENCES

url:http://jouko.iki.fi/adv/javaplugin.html

Trust: 2.5

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/760344

Trust: 2.5

url:http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities

Trust: 2.2

url:http://www-1.ibm.com/support/docview.wss?uid=swg21257249

Trust: 2.0

url:http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2005/feb/msg00000.html

Trust: 1.7

url:http://www.securityfocus.com/bid/12317

Trust: 1.7

url:http://rpmfind.net/linux/rpm/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html

Trust: 1.7

url:http://secunia.com/advisories/13271

Trust: 1.7

url:http://secunia.com/advisories/29035

Trust: 1.7

url:http://securityreason.com/securityalert/61

Trust: 1.7

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1

Trust: 1.7

url:http://secunia.com/advisories/13271/

Trust: 1.6

url:http://xforce.iss.net/xforce/xfdb/18188

Trust: 1.4

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5674

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/0599

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/18188

Trust: 1.1

url:http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=false

Trust: 0.8

url:http://java.sun.com/products/plugin/index.jsp

Trust: 0.8

url:http://java.sun.com/j2se/desktopjava/jre/index.jsp

Trust: 0.8

url:http://java.sun.com/docs/books/tutorial/essential/system/securityintro.html

Trust: 0.8

url:http://java.sun.com/j2se/1.5.0/docs/api/java/security/accesscontrolexception.html

Trust: 0.8

url:http://java.sun.com/docs/books/tutorial/reflect/

Trust: 0.8

url:http://www.oracle.com/technology/deploy/security/alerts.htm

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1029

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1029

Trust: 0.8

url:http://www.securityfocus.com/bid/11726

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2005/1074

Trust: 0.8

url:http://jvn.jp/vn/jvnta05-194a

Trust: 0.8

url:http://www.securityfocus.com/bid/14279

Trust: 0.8

url:http://www.securityfocus.com/bid/14238

Trust: 0.8

url:http://www.us-cert.gov/cas/techalerts/ta05-194a.html

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/613562

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/0599

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5674

Trust: 0.6

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1&searchclause=

Trust: 0.3

url:http://java.sun.com/products/plugin/versions.html#answers

Trust: 0.3

url:http://java.sun.com

Trust: 0.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101799-1&searchclause=

Trust: 0.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57741-1

Trust: 0.3

url:http://securityresponse.symantec.com/avcenter/security/content/2005.01.04.html

Trust: 0.3

url:/archive/1/381940

Trust: 0.3

url:/archive/1/382281

Trust: 0.3

url:/archive/1/382072

Trust: 0.3

url:http://www.integrigy.com/analysis.htm

Trust: 0.3

url:http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html

Trust: 0.3

url:http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html

Trust: 0.3

url:http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html

Trust: 0.3

url:http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html

Trust: 0.3

url:/archive/1/406293

Trust: 0.3

url:/archive/1/404966

Trust: 0.3

url:http://www.red-database-security.com/whitepaper/cpu_july_2005_silently_fixed_bugs.html

Trust: 0.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57708-1

Trust: 0.3

url:http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities

Trust: 0.1

url:http://www.idefense.com/poi/teams/vcp.jsp

Trust: 0.1

url:http://java.sun.com/j2se/1.4.2/download.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2004-1029

Trust: 0.1

url:http://java.sun.com/products/plugin/

Trust: 0.1

url:http://cve.mitre.org

Trust: 0.1

sources: CERT/CC: VU#760344 // CERT/CC: VU#613562 // VULHUB: VHN-9459 // BID: 11726 // BID: 14238 // BID: 14279 // BID: 12317 // JVNDB: JVNDB-2004-000497 // JVNDB: JVNDB-2005-000876 // PACKETSTORM: 35118 // CNNVD: CNNVD-200503-002 // NVD: CVE-2004-1029

CREDITS

Jouko Pynnonen jouko@iki.fi

Trust: 0.6

sources: CNNVD: CNNVD-200503-002

SOURCES

db: CERT/CC, id: VU#760344
db: CERT/CC, id: VU#613562
db: VULHUB, id: VHN-9459
db: BID, id: 11726
db: BID, id: 14238
db: BID, id: 14279
db: BID, id: 12317
db: JVNDB, id: JVNDB-2004-000497
db: JVNDB, id: JVNDB-2005-000876
db: PACKETSTORM, id: 35118
db: CNNVD, id: CNNVD-200503-002
db: NVD, id: CVE-2004-1029

LAST UPDATE DATE

2024-09-22T21:31:37.643000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#760344, date: 2004-11-23T00:00:00
db: CERT/CC, id: VU#613562, date: 2005-10-19T00:00:00
db: VULHUB, id: VHN-9459, date: 2017-10-11T00:00:00
db: BID, id: 11726, date: 2009-07-12T08:06:00
db: BID, id: 14238, date: 2009-07-12T16:06:00
db: BID, id: 14279, date: 2005-07-15T00:00:00
db: BID, id: 12317, date: 2008-04-07T16:18:00
db: JVNDB, id: JVNDB-2004-000497, date: 2008-03-03T00:00:00
db: JVNDB, id: JVNDB-2005-000876, date: 2009-04-03T00:00:00
db: CNNVD, id: CNNVD-200503-002, date: 2009-03-04T00:00:00
db: NVD, id: CVE-2004-1029, date: 2017-10-11T01:29:40.293

SOURCES RELEASE DATE

db: CERT/CC, id: VU#760344, date: 2004-11-23T00:00:00
db: CERT/CC, id: VU#613562, date: 2005-07-13T00:00:00
db: VULHUB, id: VHN-9459, date: 2005-03-01T00:00:00
db: BID, id: 11726, date: 2004-11-22T00:00:00
db: BID, id: 14238, date: 2005-07-12T00:00:00
db: BID, id: 14279, date: 2005-07-15T00:00:00
db: BID, id: 12317, date: 2005-01-20T00:00:00
db: JVNDB, id: JVNDB-2004-000497, date: 2007-04-01T00:00:00
db: JVNDB, id: JVNDB-2005-000876, date: 2009-04-03T00:00:00
db: PACKETSTORM, id: 35118, date: 2004-11-24T07:03:46
db: CNNVD, id: CNNVD-200503-002, date: 2004-03-09T00:00:00
db: NVD, id: CVE-2004-1029, date: 2005-03-01T05:00:00