CVE-2002-0058
CVSS: 5.0
Published: 2002-03-15 00:00:00
Last revised: 2016-10-17 22:15:40

[Original] Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.


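[CNNVD] Multiple Vendor Java Virtual Machine Session Hijacking Vulnerability (MS02-013) (CNNVD-200203-035)

        Several vendors, including Sun and Microsoft, implement Java virtual machines, which allow code from untrusted sources (for example, Java applets) to execute safely inside the virtual machine.
        Some vendors' virtual machine implementations contain a vulnerability: when a user accesses the network through an HTTP proxy, a malicious Java applet can hijack the user's session.
        When a user browses with IE or another web browser through a proxy server, a malicious Java script on a website may exploit this vulnerability to forward the user's browser traffic, without the user noticing, to a host controlled by the attacker. The attacker can then send malicious replies that appear to come from the original destination, or discard the session data, causing a denial of service. The attacker can also capture and save the user's session data, and so carry out replay attacks or search for confidential information such as user names and passwords.
        The Microsoft and Sun virtual machine implementations are currently known to contain this vulnerability. Netscape 6.1, 6.0.1 and 6.0 are affected because they ship with the flawed Java virtual machine. Microsoft VM build 3802 and earlier versions are also affected.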
        

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:sun:jdk:1.1.8:update13  Sun JDK 1.1.8_13
cpe:/a:sun:jdk:1.1.8:update7  Sun JDK 1.1.8_007
cpe:/a:sun:sdk:1.1.8_007  Sun SDK 1.1.8_007
cpe:/a:sun:jre:1.1.8:update13  Sun JRE 1.1.8_13
cpe:/a:sun:jre:1.1.8:update7  Sun JRE 1.1.8_007
cpe:/a:sun:jre:1.2.2:update10  Sun JRE 1.2.2_010
cpe:/a:sun:sdk:1.2.2_10  Sun SDK 1.2.2_10
cpe:/a:microsoft:virtual_machine:3802
cpe:/a:sun:sdk:1.3_02  Sun SDK 1.3_02
cpe:/a:sun:sdk:1.2.2_010  Sun SDK 1.2.2_010
cpe:/a:sun:jre:1.3.0:update2  Sun J2RE 1.3.0_02

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0058
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0058
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-035
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=101534535304228&w=2
(UNKNOWN)  BUGTRAQ  20020305 Java HTTP proxy vulnerability
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216
(UNKNOWN)  SUN  00216
http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
(VENDOR_ADVISORY)  MS  MS02-013

- Vulnerability Information

Multiple Vendor Java Virtual Machine Session Hijacking Vulnerability (MS02-013)
Medium severity  Design error
2002-03-15 00:00:00 2005-10-20 00:00:00
Remote
        
        

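- Advisories and Patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Disable the Microsoft VM in IE:
        Under Tools -> Internet Options -> Security -> Internet -> Custom Level -> Microsoft VM, select Disable.
        Vendor patches:
        Microsoft
        ---------
        Microsoft has released a security bulletin (MS02-013) and a corresponding patch for this issue:
        MS02-013: Java Applet Can Redirect Browser Traffic
        Link:
        http://www.microsoft.com/technet/security/bulletin/MS02-013.asp

        Patch download:
        You should upgrade to Microsoft VM build 3805 or later:
        
        http://www.microsoft.com/java/vm/dl_vm40.htm

        Sun
        ---
        Sun has released a security bulletin (Sun-00216) and corresponding patches for this issue:
        Sun-00216: HttpURLConnection
        Link:
        http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216&type=0&nav=sec.sba

        Patch download: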
         Windows Production Releases
        
         SDK and JRE 1.4
        http://java.sun.com/j2se/1.4/

         SDK and JRE 1.3.1_02
        http://java.sun.com/j2se/1.3/

         SDK and JRE 1.2.2_011
        http://java.sun.com/j2se/1.2/

         JDK and JRE 1.1.8_009
        http://java.sun.com/products/jdk/1.1/download-jdk-windows.html

        
         Solaris OE Reference Releases
        
         SDK and JRE 1.2.2_011
        http://java.sun.com/j2se/1.2/

         JDK and JRE 1.1.8_009
        http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

         Solaris OE Production Releases
        
         SDK and JRE 1.4
        http://java.sun.com/j2se/1.4/

         SDK and JRE 1.3.1_02
        http://java.sun.com/j2se/1.3/

         SDK and JRE 1.2.2_11
        http://java.sun.com/j2se/1.2/

         JDK and JRE 1.1.8_15
        http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

        
         Linux Production Releases
         SDK and JRE 1.4
        http://java.sun.com/j2se/1.4/

         SDK and JRE 1.3.1_02
        http://java.sun.com/j2se/1.3/

         SDK and JRE 1.2.2_011
        http://java.sun.com/j2se/1.2/

- Vulnerability Information

14270
Sun Java JRE HTTP Proxy Java Applet Session Hijack

- Vulnerability Description

- Timeline

2002-03-04 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Multiple Vendor Java Virtual Machine Session Hijacking Vulnerability
Design Error 4228
Yes No
2002-03-04 12:00:00 2009-07-11 10:56:00
Discovered by Harmen van der Wal.

- Affected Software Versions

Sun SDK (Windows Production Release) 1.3.0_02
Sun SDK (Windows Production Release) 1.1.8_007
Sun SDK (Solaris Reference Release) 1.2.2_010
Sun SDK (Solaris Production Release) 1.3_02
Sun SDK (Solaris Production Release) 1.2.2_10
Sun SDK (Linux Production Release) 1.3_02
Sun SDK (Linux Production Release) 1.2.2_010
Sun JRE (Windows Production Release) 1.3.0_04
Sun JRE (Windows Production Release) 1.3.0_02
Sun JRE (Windows Production Release) 1.3
Sun JRE (Windows Production Release) 1.2.2_010
Sun JRE (Windows Production Release) 1.2.2
Sun JRE (Windows Production Release) 1.1.8_007
Sun JRE (Windows Production Release) 1.1.8
Sun JRE (Solaris Reference Release) 1.2.2_010
Sun JRE (Solaris Reference Release) 1.2.2
Sun JRE (Solaris Reference Release) 1.1.8_007
Sun JRE (Solaris Reference Release) 1.1.8
Sun JRE (Solaris Production Release) 1.3.0_02
Sun JRE (Solaris Production Release) 1.3
Sun JRE (Solaris Production Release) 1.2.2_010
Sun JRE (Solaris Production Release) 1.2.2
Sun JRE (Solaris Production Release) 1.1.8_13
Sun JRE (Solaris Production Release) 1.1.8
Sun JRE (Linux Production Release) 1.3.0_04
Sun JRE (Linux Production Release) 1.3.0_02
Sun JRE (Linux Production Release) 1.3.0_01
Sun JRE (Linux Production Release) 1.2.2_010
Sun JRE (Linux Production Release) 1.2.2_003
Sun JDK (Windows Production Release) 1.1.8_007
Sun JDK (Solaris Reference Release) 1.1.8_007
Sun JDK (Solaris Production Release) 1.1.8_13
SGI IRIX 6.5.17
SGI IRIX 6.5.16
SGI IRIX 6.5.15
SGI IRIX 6.5.14
SGI IRIX 6.5.13
SGI IRIX 6.5.12
SGI IRIX 6.5.11
SGI IRIX 6.5.10
SGI IRIX 6.5.9
SGI IRIX 6.5.8
SGI IRIX 6.5.7
SGI IRIX 6.5.6
SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5
Netscape Netscape 6.0.1
- HP HP-UX 11.11
- HP HP-UX 11.0
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Netscape Netscape 6.0
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Netscape Communicator 6.1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Microsoft Virtual Machine 3802 Series
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 4.0.1
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.0
+ Microsoft Internet Explorer 4.0
HP Java SDK/RTE for HP-UX PA-RISC 1.3
+ HP HP-UX 11.20
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ HP HP-UX (VVOS) 11.0 4
HP Java SDK/RTE for HP-UX PA-RISC 1.2.2
+ HP HP-UX 11.20
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ HP HP-UX (VVOS) 11.0 4
HP Java JRE/JDK for HP-UX 1.1.8
+ HP HP-UX 10.20
Compaq Tru64 5.1
Compaq Tru64 5.0 a
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f
Compaq Remote Insight Lights-Out Edition
Compaq OpenVMS 7.3 Alpha
Compaq OpenVMS 7.2.1 Alpha
Compaq OpenVMS 7.2 -2 Alpha
Compaq OpenVMS 7.2 -1H2 Alpha
Compaq OpenVMS 7.2 -1H1 Alpha
Compaq OpenVMS 7.2 Alpha
Compaq Management Agents 4.37 E
Compaq Management Agents 4.36 j
Compaq Management Agents 4.36 E
Compaq Management Agents 4.35 j
Compaq Management Agents 4.30 j
Compaq Integrated Lights-Out on ProLiant DL360 G2
Compaq Insight Manager XE 2.2
Compaq Insight Manager XE 2.1 c
Compaq Insight Manager XE 2.1 b
Compaq Insight Manager XE 2.1
Compaq Insight Manager XE 1.21
Compaq Insight Manager XE 1.0
Compaq Insight Manager 7.0

- Unaffected Software Versions

SGI IRIX 6.5.18
Microsoft Virtual Machine 3805 Series
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.0
Compaq Insight Manager 7.0 SP1

- Discussion

Various Java virtual machine implementations contain a vulnerability that may allow web requests to be intercepted and hijacked.

The vulnerability is present when a client system is configured to use an HTTP proxy server. Malicious Java code can redirect requests meant for the proxy server to an arbitrary host. This occurs transparently, without any client consent or knowledge.

This vulnerability can be exploited with a maliciously crafted Java applet, possibly embedded in a webpage. The victim must run the applet in a vulnerable virtual machine.

As a result, a user's session information could be captured and examined for sensitive information. Man-in-the-middle attacks may also be possible, as the response to any request may be crafted by the attacker.

It should be noted that all builds of Microsoft Virtual Machine prior to and including build 3802 are affected by this issue.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Sun SDK and JRE version 1.4 is not vulnerable. It is available at:

http://java.sun.com/j2se/1.4/

Users of Netscape web clients for various platforms should also ensure that the plug-in virtual machines are not vulnerable. HP has updated Java VM plug-ins (JPI) available for Netscape on HP-UX at: http://www.hp.com/go/java.

Compaq Insight Manager XE has been replaced by Compaq Insight Manager 7. Users should upgrade to Compaq Insight Manager 7 and then apply SP 1.

Some versions of Compaq TRU64 Unix and OpenVMS for Alpha ship with vulnerable versions of Java SDK and JRE. For details on upgrading, please visit the following website:

http://www.compaq.com/java/alpha

To fix Compaq Management Agents, it has been suggested that those affected upgrade to the version of the Java Runtime Environment recommended by Microsoft at the following address:

http://www.microsoft.com/java/vm/dl_vm40.htm

SGI has announced that this issue will be resolved in IRIX 6.5.18. Users are advised to upgrade to this version when it becomes available.

Users of IRIX may also manually install updated versions of the JRE and SDK. Full details are available in the referenced advisory. The updated software is available at the following locations:

http://www.sgi.com/products/evaluation/6.x_java_plugin_1.1.1/
http://www.sgi.com/products/evaluation/6.5_java2_1.3.1_02/

Various vendors have released the following fixes which address this issue:


Compaq Integrated Lights-Out on ProLiant DL360 G2
Compaq Remote Insight Lights-Out Edition
Microsoft Virtual Machine 3802 Series
Compaq Insight Manager XE 1.0
Sun JDK (Solaris Reference Release) 1.1.8_007
Sun JRE (Solaris Reference Release) 1.1.8_007
Sun JRE (Solaris Production Release) 1.1.8_13
HP Java JRE/JDK for HP-UX 1.1.8
Sun JRE (Windows Production Release) 1.1.8_007
Sun JDK (Windows Production Release) 1.1.8_007
HP Java SDK/RTE for HP-UX PA-RISC 1.2.2
Sun JRE (Windows Production Release) 1.2.2_010
Sun SDK (Linux Production Release) 1.2.2_010
Sun SDK (Solaris Production Release) 1.2.2_10
Sun SDK (Solaris Reference Release) 1.2.2_010
Compaq Insight Manager XE 1.21
Sun JRE (Windows Production Release) 1.3.0_02
Sun JRE (Linux Production Release) 1.3.0_02
HP Java SDK/RTE for HP-UX PA-RISC 1.3
Sun JRE (Windows Production Release) 1.3.0_04
Sun SDK (Windows Production Release) 1.3.0_02
Sun SDK (Linux Production Release) 1.3_02
Sun SDK (Solaris Production Release) 1.3_02
Sun JRE (Linux Production Release) 1.3.0_04
Sun JRE (Solaris Production Release) 1.3.0_02
Compaq Insight Manager XE 2.1
Compaq Insight Manager XE 2.1 b
Compaq Insight Manager XE 2.1 c
Compaq Insight Manager XE 2.2
Compaq Tru64 4.0 f
Compaq Tru64 4.0 g
Compaq Tru64 5.0 a
Compaq Tru64 5.1
Netscape Netscape 6.0.1
Netscape Netscape 6.0
Netscape Communicator 6.1
Compaq Insight Manager 7.0
Compaq OpenVMS 7.2 -2 Alpha
Compaq OpenVMS 7.2 Alpha
Compaq OpenVMS 7.2 -1H1 Alpha
Compaq OpenVMS 7.2 -1H2 Alpha
Compaq OpenVMS 7.2.1 Alpha
Compaq OpenVMS 7.3 Alpha

- Related References

 

 
