Description
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
Product(s):
- HP Java SDK-RTE 1.3 for HP-UX PA-RISC
- HP Java SDK-RTE 1.4 for HP-UX PA-RISC
- Sun JDK 1.3.1_01 for Linux
- Sun JDK 1.3.1_01 for Solaris
- Sun JDK 1.3.1_01a for Windows
- Sun JDK 1.3.1_02 for Linux
- Sun JDK 1.3.1_02 for Solaris
- Sun JDK 1.3.1_02 for Windows
- Sun JDK 1.3.1_03 for Linux
- Sun JDK 1.3.1_03 for Solaris
- Sun JDK 1.3.1_03 for Windows
- Sun JDK 1.3.1_04 for Windows
- Sun JDK 1.3.1_05 for Linux
- Sun JDK 1.3.1_05 for Solaris
- Sun JDK 1.3.1_05 for Windows
- Sun JDK 1.3.1_06 for Linux
- Sun JDK 1.3.1_06 for Solaris
- Sun JDK 1.3.1_06 for Windows
- Sun JDK 1.3.1_07 for Linux
- Sun JDK 1.3.1_07 for Solaris
- Sun JDK 1.3.1_07 for Windows
- Sun JDK 1.4.0_01 for Windows
- Sun JDK 1.4.0_02 for Linux
- Sun JDK 1.4.0_02 for Solaris
- Sun JDK 1.4.0_02 for Windows
- Sun JDK 1.4.0_03 for Linux
- Sun JDK 1.4.0_03 for Solaris
- Sun JDK 1.4.0_03 for Windows
- Sun JDK 1.4.0_4 for Linux
- Sun JDK 1.4.0_4 for Solaris
- Sun JDK 1.4.0_4 for Windows
- Sun JDK 1.4.1 for Linux
- Sun JDK 1.4.1 for Solaris
- Sun JDK 1.4.1 for Windows
- Sun JDK 1.4.1_01 for Linux
- Sun JDK 1.4.1_01 for Solaris
- Sun JDK 1.4.1_01 for Windows
- Sun JDK 1.4.1_02 for Linux
- Sun JDK 1.4.1_02 for Solaris
- Sun JDK 1.4.1_02 for Windows
- Sun JDK 1.4.1_03 for Linux
- Sun JDK 1.4.1_03 for Solaris
- Sun JDK 1.4.1_03 for Windows
- Sun JDK 1.4.2 for Linux
- Sun JDK 1.4.2 for Solaris
- Sun JDK 1.4.2 for Windows
- Sun JDK 1.4.2_01 for Linux
- Sun JDK 1.4.2_02 for Linux
- Sun JDK 1.4.2_03 for Linux
- Sun JDK 1.4.2_03 for Solaris
- Sun JDK 1.4.2_03 for Windows
- Sun JDK 1.4.2_04 for Linux
- Sun JDK 1.4.2_04 for Solaris
- Sun JDK 1.4.2_04 for Windows
- Sun JDK 1.4.2_05 for Linux
- Sun JDK 1.4.2_05 for Solaris
- Sun JDK 1.4.2_05 for Windows
- Sun JDK 1.4 for Linux
- Sun JDK 1.4 for Solaris
- Sun JDK 1.4 for Windows
- Sun JRE 1.3.0 for Linux
- Sun JRE 1.3.0 for Solaris
- Sun JRE 1.3.0 for Windows
- Sun JRE 1.3.0 Update 1 for Linux
- Sun JRE 1.3.0 Update 2 Linux Edition
- Sun JRE 1.3.0 Update 2 for Solaris
- Sun JRE 1.3.0 Update 2 for Windows
- Sun JRE 1.3.0 Update 3 for Linux
- Sun JRE 1.3.0 Update 4 for Linux
- Sun JRE 1.3.0 Update 4 for Windows
- Sun JRE 1.3.0 Update 5 for Linux
- Sun JRE 1.3.0 Update 5 for Solaris
- Sun JRE 1.3.0 Update 5 for Windows
- Sun JRE 1.3.1 for Linux
- Sun JRE 1.3.1 Update 1 for Linux
- Sun JRE 1.3.1 Update 1 for Solaris
- Sun JRE 1.3.1 Update 1 for Windows
- Sun JRE 1.3.1 Update 1a for Windows
- Sun JRE 1.3.1 Update 4 for Solaris
- Sun JRE 1.3.1 Update 4 for Windows
- Sun JRE 1.3.1 Update 8 for Linux
- Sun JRE 1.3.1 Update 8 for Solaris
- Sun JRE 1.3.1 Update 8 for Windows
- Sun JRE 1.3.1_02 for Linux
- Sun JRE 1.3.1_02 for Solaris
- Sun JRE 1.3.1_02 for Windows
- Sun JRE 1.3.1_03 for Linux
- Sun JRE 1.3.1_03 for Solaris
- Sun JRE 1.3.1_03 for Windows
- Sun JRE 1.3.1_05 for Linux
- Sun JRE 1.3.1_05 for Solaris
- Sun JRE 1.3.1_05 for Windows
- Sun JRE 1.3.1_06 for Linux
- Sun JRE 1.3.1_06 for Solaris
- Sun JRE 1.3.1_06 for Windows
- Sun JRE 1.3.1_07 for Linux
- Sun JRE 1.3.1_07 for Solaris
- Sun JRE 1.3.1_07 for Windows
- Sun JRE 1.3.1_09 for Linux
- Sun JRE 1.3.1_09 for Solaris
- +67 additional
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1029, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1029 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.