CVE-2004-1029
CVSS9.3
发布时间 :2005-03-01 00:00:00
修订时间 :2011-06-13 00:00:00
NMCOEPS    

[原文]The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.


[CNNVD]Sun Java Plugin任意包访问漏洞(CNNVD-200503-002)

        Java Plug-in技术是Java 2实时环境的一部分,Sun的Java Runtime Environment (JRE)为JAVA应用程序提供可靠的运行环境。
        Java Plug-in技术设计存在问题,远程攻击者可以利用这个漏洞绕过Java'沙盒'和所有限制访问受限资源和系统。
        Java虚拟机中包含多个私有Java包并被内部调用,默认安全机制限制Applet访问这些包,任何企图访问这些包,会导致'AccessControlException'的异常,除非这个Applet被签名并被用户信任。
        问题存在于使用Sun java插件技术的WEB浏览器,针对Javascript数据交换对Java的访问控制缺少正确的限制,漏洞允许Javascript代码装载不安全的类。成功利用此漏洞允许攻击者执行恶意类,目标用户被执行恶意类后,可能导致恶意类在系统上执行访问,下载上传执行任意文件等操作。

- CVSS (基础分值)

CVSS分值: 9.3 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-264 [权限、特权与访问控制]

- CPE (受影响的平台与产品)

cpe:/a:sun:jre:1.3.1_03::windows
cpe:/a:sun:jre:1.4.1_01::solaris
cpe:/a:sun:jdk:1.4.0_01::windows
cpe:/a:sun:jre:1.3.0:update4:windows
cpe:/a:sun:jdk:1.4.1_03::solaris
cpe:/a:sun:jdk:1.4.1_01::linux
cpe:/a:sun:jdk:1.3.1_02::windows
cpe:/a:sun:jre:1.3.1_06::solaris
cpe:/a:sun:jre:1.4.0_03::solaris
cpe:/a:sun:jdk:1.3.1_07::windows
cpe:/a:sun:jre:1.3.0:update5:linux
cpe:/a:sun:jre:1.4.2:update1:solaris
cpe:/a:sun:jdk:1.3.1_05::linux
cpe:/a:sun:jdk:1.4.2_05::windows
cpe:/a:sun:jre:1.3.0:update5:solaris
cpe:/a:sun:jre:1.3.1_09::linux
cpe:/a:sun:jdk:1.3.1_06::windows
cpe:/a:sun:jre:1.4.1_07::windows
cpe:/a:sun:jdk:1.4.2::solaris
cpe:/a:sun:jre:1.3.1_03::solaris
cpe:/h:symantec:gateway_security_5400:2.0.1
cpe:/a:sun:jdk:1.4.2_05::linux
cpe:/a:sun:jdk:1.4.1_02::windows
cpe:/a:sun:jre:1.3.1:update4:windows
cpe:/a:sun:jdk:1.4.1_01::solaris
cpe:/a:sun:jdk:1.4.2_02::linux
cpe:/a:sun:jdk:1.3.1_04::windows
cpe:/a:sun:jre:1.3.1::linux
cpe:/a:sun:jre:1.3.1_05::linux
cpe:/o:hp:hp-ux:11.22HP-UX 11i v1.6
cpe:/a:sun:jre:1.4.2:update4:linux
cpe:/a:sun:jre:1.4.0_04::solaris
cpe:/a:sun:jdk:1.4.1_02::linux
cpe:/a:hp:java_sdk-rte:1.4::hp-ux_pa-risc
cpe:/a:sun:jre:1.4.0_04::windows
cpe:/a:sun:jre:1.3.1_07::solaris
cpe:/a:sun:jre:1.3.0:update3:linux
cpe:/o:hp:hp-ux:11.00HP-UX 11.00
cpe:/a:sun:jre:1.4.2::solaris
cpe:/a:sun:jre:1.4.2:update2:linux
cpe:/a:sun:jre:1.4.2:update1:linux
cpe:/a:sun:jdk:1.3.1_05::windows
cpe:/a:sun:jre:1.4::linux
cpe:/a:sun:jre:1.3.1_05::windows
cpe:/a:sun:jre:1.3.1:update8:solaris
cpe:/a:sun:jre:1.3.1_02::solaris
cpe:/a:sun:jdk:1.4.2::windows
cpe:/a:sun:jre:1.3.0::windows
cpe:/a:sun:jre:1.3.0:update4:linux
cpe:/a:sun:jdk:1.4::linux
cpe:/a:hp:java_sdk-rte:1.3::hp-ux_pa-risc
cpe:/a:sun:jre:1.4.2:update1:windows
cpe:/a:sun:jdk:1.4.2_01::linux
cpe:/a:sun:jdk:1.4::windows
cpe:/a:sun:jre:1.4.2:update4:solaris
cpe:/a:sun:jdk:1.4.0_4::solaris
cpe:/a:sun:jdk:1.4.2_04::linux
cpe:/a:sun:jdk:1.4.0_02::linux
cpe:/a:sun:jdk:1.4.0_02::solaris
cpe:/a:sun:jre:1.4.2:update3:windows
cpe:/a:sun:jdk:1.4.1::windows
cpe:/a:sun:jre:1.3.0:update2:solaris
cpe:/a:sun:jre:1.3.0:update1:linux
cpe:/a:sun:jre:1.3.1:update1a:windows
cpe:/a:sun:jdk:1.4.2_04::solaris
cpe:/a:sun:jre:1.3.0::linux
cpe:/a:sun:jre:1.3.1_03::linux
cpe:/a:sun:jre:1.4.0_01::solaris
cpe:/a:sun:jre:1.3.1_02::windows
cpe:/a:sun:jre:1.4.2:update2:solaris
cpe:/a:sun:jdk:1.3.1_07::solaris
cpe:/a:sun:jre:1.4.1::linux
cpe:/a:sun:jdk:1.4.0_03::linux
cpe:/a:sun:jdk:1.4::solaris
cpe:/a:sun:jdk:1.4.2_05::solaris
cpe:/a:sun:jdk:1.3.1_02::linux
cpe:/a:sun:jdk:1.4.2::linux
cpe:/a:sun:jdk:1.3.1_07::linux
cpe:/a:sun:jdk:1.4.2_03::windows
cpe:/a:sun:jdk:1.4.1_02::solaris
cpe:/a:sun:jre:1.4.2:update5:windows
cpe:/a:sun:jdk:1.3.1_03::solaris
cpe:/a:symantec:enterprise_firewall:8.0::windows_2000_nt
cpe:/a:sun:jdk:1.4.1_03::windows
cpe:/a:sun:jre:1.4.0_02::linux
cpe:/a:sun:jre:1.3.1_06::linux
cpe:/a:symantec:enterprise_firewall:8.0Symantec Enterprise Firewall 8.0
cpe:/a:sun:jre:1.4.1:update3:linux
cpe:/a:sun:jre:1.3.0:update5:windows
cpe:/a:sun:jre:1.4.2::linux
cpe:/a:sun:jdk:1.4.0_4::windows
cpe:/a:sun:jre:1.4.1_02::solaris
cpe:/a:sun:jre:1.3.1:update1:linux
cpe:/o:hp:hp-ux:11.23::ia64_64-bit
cpe:/a:symantec:enterprise_firewall:8.0::solaris
cpe:/a:sun:jre:1.4.0_03::linux
cpe:/a:sun:jdk:1.3.1_05::solaris
cpe:/a:sun:jre:1.4.1:update3:solaris
cpe:/a:sun:jdk:1.4.2_03::linux
cpe:/a:sun:jre:1.4.1::windows
cpe:/a:sun:jdk:1.4.1_01::windows
cpe:/a:sun:jre:1.4.1::solaris
cpe:/a:sun:jdk:1.4.0_4::linux
cpe:/a:sun:jre:1.4.2:update5:linux
cpe:/a:sun:jdk:1.3.1_06::solaris
cpe:/a:sun:jre:1.4.2:update2:windows
cpe:/h:symantec:gateway_security_5400:2.0
cpe:/a:sun:jre:1.3.1_09::solaris
cpe:/a:sun:jre:1.3.1:update4:solaris
cpe:/a:sun:jre:1.3.1_09::windows
cpe:/a:sun:jre:1.4.0_04::linux
cpe:/a:sun:jdk:1.4.0_03::solaris
cpe:/a:sun:jre:1.4.0_03::windows
cpe:/a:sun:jre:1.3.0:update2:linux
cpe:/a:sun:jdk:1.4.2_04::windows
cpe:/a:sun:jre:1.4.1:update3:windows
cpe:/a:sun:jre:1.4.2:update3:linux
cpe:/a:sun:jre:1.4.0_02::windows
cpe:/a:sun:jre:1.3.1_07::linux
cpe:/a:sun:jdk:1.4.2_03::solaris
cpe:/a:sun:jre:1.3.0::solaris
cpe:/a:sun:jre:1.4.1_01::windows
cpe:/a:sun:jre:1.3.1:update8:windows
cpe:/a:sun:jre:1.3.1:update1:windows
cpe:/a:sun:jre:1.4.1_02::linux
cpe:/a:sun:jre:1.4.2::windows
cpe:/a:sun:jre:1.3.1:update1:solaris
cpe:/a:sun:jre:1.3.1_02::linux
cpe:/o:gentoo:linuxGentoo Linux
cpe:/a:sun:jdk:1.4.0_02::windows
cpe:/a:sun:jdk:1.3.1_03::windows
cpe:/a:sun:jre:1.4.2:update3:solaris
cpe:/o:conectiva:linux:10.0Conectiva Linux 10.0
cpe:/a:sun:jdk:1.3.1_01::linux
cpe:/a:sun:jre:1.4::solaris
cpe:/a:sun:jdk:1.3.1_01::solaris
cpe:/a:sun:jre:1.4.1_02::windows
cpe:/a:sun:jre:1.4::windows
cpe:/a:sun:jdk:1.3.1_06::linux
cpe:/a:sun:jre:1.3.1_06::windows
cpe:/a:sun:jdk:1.4.1_03::linux
cpe:/a:sun:jre:1.4.0_02::solaris
cpe:/a:sun:jdk:1.4.1::solaris
cpe:/a:sun:jdk:1.4.1::linux
cpe:/a:sun:jre:1.3.0:update2:windows
cpe:/o:hp:hp-ux:11.11HP-UX 11.11
cpe:/a:sun:jdk:1.3.1_02::solaris
cpe:/a:sun:jre:1.4.1_01::linux
cpe:/a:sun:jdk:1.3.1_03::linux
cpe:/a:sun:jdk:1.4.0_03::windows
cpe:/a:sun:jre:1.3.1_05::solaris
cpe:/a:sun:jre:1.4.0_01::windows
cpe:/a:sun:jre:1.4.2:update4:windows
cpe:/a:sun:jdk:1.3.1_01a::windows
cpe:/a:sun:jre:1.3.1_07::windows
cpe:/a:sun:jre:1.4.2:update5:solaris
cpe:/a:sun:jre:1.3.1:update8:linux

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:5674HP-UX Java Web Start, Remote Unauthorized Privileged Access
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1029
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1029
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-002
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/760344
(UNKNOWN)  CERT-VN  VU#760344
http://www.securityfocus.com/bid/12317
(PATCH)  BID  12317
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
(VENDOR_ADVISORY)  SUNALERT  57591
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
(VENDOR_ADVISORY)  SUNALERT  101523
http://xforce.iss.net/xforce/xfdb/18188
(UNKNOWN)  XF  sdk-jre-applet-restriction-bypass(18188)
http://www.vupen.com/english/advisories/2008/0599
(VENDOR_ADVISORY)  VUPEN  ADV-2008-0599
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
(UNKNOWN)  IDEFENSE  20041122 Sun Java Plugin Arbitrary Package Access Vulnerability
http://www-1.ibm.com/support/docview.wss?uid=swg21257249
(UNKNOWN)  CONFIRM  http://www-1.ibm.com/support/docview.wss?uid=swg21257249
http://securityreason.com/securityalert/61
(UNKNOWN)  SREASON  61
http://secunia.com/advisories/29035
(VENDOR_ADVISORY)  SECUNIA  29035
http://secunia.com/advisories/13271
(VENDOR_ADVISORY)  SECUNIA  13271
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
(UNKNOWN)  CONFIRM  http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2005-02-22
http://jouko.iki.fi/adv/javaplugin.html
(UNKNOWN)  MISC  http://jouko.iki.fi/adv/javaplugin.html

- 漏洞信息

Sun Java Plugin任意包访问漏洞
高危 权限许可和访问控制
2005-03-01 00:00:00 2009-03-04 00:00:00
远程  
        Java Plug-in技术是Java 2实时环境的一部分,Sun的Java Runtime Environment (JRE)为JAVA应用程序提供可靠的运行环境。
        Java Plug-in技术设计存在问题,远程攻击者可以利用这个漏洞绕过Java'沙盒'和所有限制访问受限资源和系统。
        Java虚拟机中包含多个私有Java包并被内部调用,默认安全机制限制Applet访问这些包,任何企图访问这些包,会导致'AccessControlException'的异常,除非这个Applet被签名并被用户信任。
        问题存在于使用Sun java插件技术的WEB浏览器,针对Javascript数据交换对Java的访问控制缺少正确的限制,漏洞允许Javascript代码装载不安全的类。成功利用此漏洞允许攻击者执行恶意类,目标用户被执行恶意类后,可能导致恶意类在系统上执行访问,下载上传执行任意文件等操作。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://java.sun.com/j2se/1.4.2/download.html

- 漏洞信息 (24763)

Sun Java Runtime Environment 1.x Java Plug-in JavaScript Security Restriction Bypass Vulnerability (EDBID:24763)
multiple dos
2004-11-22 Verified
0 Jouko Pynnonen
N/A [点击下载]
source: http://www.securityfocus.com/bid/11726/info

A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet.

[script language=javascript]
var c=document.applets[0].getClass().forName('sun.text.Utility');
alert('got Class object: '+c)
[/script]		

- 漏洞信息 (F35118)

iDEFENSE Security Advisory 2004-11-22.t (PacketStormID:F35118)
2004-11-24 00:00:00
Jouko Pynnonen,iDefense Labs  idefense.com
advisory,remote,web,vulnerability
linux,windows
CVE-2004-1029
[点击下载]

iDEFENSE Security Advisory 11.22.04 - J2SE prior to v1.4.2_06 contains serious remote vulnerabilities which allow applets loaded in browsers to load an unsafe class, and write to any file on a users system. IE, Mozilla, and Firefox can lead to compromise on Linux and Windows systems if a malicious web page is loaded.

Sun Java Plugin Arbitrary Package Access Vulnerability
   iDEFENSE Security Advisory 11.22.04:

   I. BACKGROUND

   Java Plug-in technology, included as part of the Java 2 Runtime
   Environment, Standard Edition (JRE), establishes a connection between
   popular browsers and the Java platform. This connection enables
   applets
   on Web sites to be run within a browser on the desktop. More
   information
   about Java Plug-in technology is available from
   [14]http://java.sun.com/products/plugin/.

   II. DESCRIPTION

   Remote exploitation of a design vulnerability in Sun Microsystems
   Inc.'s
   Java Plug-in technology allows attackers to bypass the Java sandbox
   and
   all security restrictions imposed within Java Applets.

   A number of private Java packages exist within the Java Virtual
   Machine
   (VM) and are used internally by the VM. Security restrictions prevent
   Applets from accessing these packages. Any attempt to access these
   packages, results in a thrown exception of 'AccessControlException',
   unless the Applet is signed and the user has chosen to trust the
   issuer.

   The problem specifically exists within the access controls of the Java
   to Javascript data exchange in web browsers using Sun's Java Plug-in
   technology. The vulnerability allows Javascript code to load an unsafe
   class which should not normally be possible from a Java Applet.

   III. ANALYSIS

   Successful exploitation allows remote attackers to execute hostile
   Applets that can access, download, upload or execute arbitrary files
   as
   well as access the network. A target user must be running a browser on
   top of a vulnerable Java Virtual Machine to be affected. It is
   possible
   for an attacker to create a cross-platform, cross-browser exploit for
   this vulnerability. Once compromised, an attacker can execute
   arbitrary
   code under the privileges of the user who instantiated the vulnerable
   browser.

   IV. DETECTION

   iDEFENSE has confirmed the existence of this vulnerability in Java 2
   Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun
   Microsystems. It is suspected that earlier versions are vulnerable as
   well. Various browsers such as Internet Explorer, Mozilla and Firefox
   on
   both Windows and Unix platforms can be exploited if they are running a
   vulnerable Java Virtual Machine.

   V. WORKAROUND

   Disabling Java or JavaScript will prevent exploitation as the
   vulnerability relies on the data transfer between the two components.
   Other Java Virtual Machines, such as the Microsoft VM, are available
   and
   can be used as an alternative.

   VI. VENDOR RESPONSE

   This issue has been fixed in J2SE v 1.4.2_06 available at:

      [15]http://java.sun.com/j2se/1.4.2/download.html

   VII. CVE INFORMATION

   The Common Vulnerabilities and Exposures (CVE) project has assigned
   the
   name CAN-2004-1029 to this issue. This is a candidate for inclusion in
   the CVE list ([16]http://cve.mitre.org), which standardizes names for
   security problems.

   VIII. DISCLOSURE TIMELINE

   06/29/2004   Initial vendor notification
   06/30/2004   Initial vendor response
   08/16/2004   iDEFENSE clients notified
   11/22/2004   Public disclosure

   IX. CREDIT

   Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery.

   Get paid for vulnerability research
   [17]http://www.idefense.com/poi/teams/vcp.jsp

   X. LEGAL NOTICES

   Copyright     

- 漏洞信息

12095
Sun Java JRE Plug-in Capability Arbitrary Package Access
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- 漏洞描述

Java contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses the reflection API to access packages which are supposed to be private to the Virtual Machine, and may allow access to memory or unauthorized privileges. This flaw may lead to a loss of integrity.

- 时间线

2004-11-22 2004-04-29
2004-11-22 2004-11-22

- 解决方案

Upgrade to version 1.3.1_13 of Java SDK or 1.4.2_06 of JRE or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Sun Java Runtime Environment Java Plug-in JavaScript Security Restriction Bypass Vulnerability
Access Validation Error 11726
Yes No
2004-11-22 12:00:00 2009-07-12 08:06:00
Discovery of this vulnerability is credited to Jouko Pynnonen <jouko@iki.fi>.

- 受影响的程序版本

Symantec Gateway Security 5400 2.0.1
Symantec Gateway Security 5400 2.0
Symantec Enterprise Firewall 8.0 Solaris
Symantec Enterprise Firewall 8.0 NT/2000
Symantec Enterprise Firewall 8.0
Sun SDK (Windows Production Release) 1.4.2 _05
Sun SDK (Windows Production Release) 1.4.2 _04
Sun SDK (Windows Production Release) 1.4.2 _03
Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Windows Production Release) 1.4.1 _03
Sun SDK (Windows Production Release) 1.4.1 _02
Sun SDK (Windows Production Release) 1.4.1 _01
Sun SDK (Windows Production Release) 1.4.1
Sun SDK (Windows Production Release) 1.4 .0_4
Sun SDK (Windows Production Release) 1.4 .0_03
Sun SDK (Windows Production Release) 1.4 .0_02
Sun SDK (Windows Production Release) 1.4 .0_01
Sun SDK (Windows Production Release) 1.4
Sun SDK (Windows Production Release) 1.3.1 _07
Sun SDK (Windows Production Release) 1.3.1 _06
Sun SDK (Windows Production Release) 1.3.1 _05
Sun SDK (Windows Production Release) 1.3.1 _04
Sun SDK (Windows Production Release) 1.3.1 _03
Sun SDK (Windows Production Release) 1.3.1 _02
Sun SDK (Windows Production Release) 1.3.1 _01a
Sun SDK (Solaris Production Release) 1.4.2 _05
Sun SDK (Solaris Production Release) 1.4.2 _04
Sun SDK (Solaris Production Release) 1.4.2 _03
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.1 _03
Sun SDK (Solaris Production Release) 1.4.1 _02
Sun SDK (Solaris Production Release) 1.4.1 _01
Sun SDK (Solaris Production Release) 1.4.1
Sun SDK (Solaris Production Release) 1.4 .0_4
Sun SDK (Solaris Production Release) 1.4 .0_03
Sun SDK (Solaris Production Release) 1.4 .0_02
Sun SDK (Solaris Production Release) 1.4
Sun SDK (Solaris Production Release) 1.3.1 _07
Sun SDK (Solaris Production Release) 1.3.1 _06
Sun SDK (Solaris Production Release) 1.3.1 _05
Sun SDK (Solaris Production Release) 1.3.1 _03
Sun SDK (Solaris Production Release) 1.3.1 _02
Sun SDK (Solaris Production Release) 1.3.1 _01
Sun SDK (Linux Production Release) 1.4.2 _05
Sun SDK (Linux Production Release) 1.4.2 _04
Sun SDK (Linux Production Release) 1.4.2 _03
Sun SDK (Linux Production Release) 1.4.2 _02
Sun SDK (Linux Production Release) 1.4.2 _01
Sun SDK (Linux Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.1 _03
Sun SDK (Linux Production Release) 1.4.1 _02
Sun SDK (Linux Production Release) 1.4.1 _01
Sun SDK (Linux Production Release) 1.4.1
Sun SDK (Linux Production Release) 1.4 .0_4
Sun SDK (Linux Production Release) 1.4 .0_03
Sun SDK (Linux Production Release) 1.4 .0_02
Sun SDK (Linux Production Release) 1.4
Sun SDK (Linux Production Release) 1.3.1 _07
Sun SDK (Linux Production Release) 1.3.1 _06
Sun SDK (Linux Production Release) 1.3.1 _05
Sun SDK (Linux Production Release) 1.3.1 _03
Sun SDK (Linux Production Release) 1.3.1 _02
Sun SDK (Linux Production Release) 1.3.1 _01
Sun JRE (Windows Production Release) 1.4.2 _05
Sun JRE (Windows Production Release) 1.4.2 _04
Sun JRE (Windows Production Release) 1.4.2 _03
Sun JRE (Windows Production Release) 1.4.2 _02
Sun JRE (Windows Production Release) 1.4.2 _01
Sun JRE (Windows Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.1 _07
Sun JRE (Windows Production Release) 1.4.1 _03
Sun JRE (Windows Production Release) 1.4.1 _02
Sun JRE (Windows Production Release) 1.4.1 _01
Sun JRE (Windows Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.4 .0_04
Sun JRE (Windows Production Release) 1.4 .0_03
Sun JRE (Windows Production Release) 1.4 .0_02
Sun JRE (Windows Production Release) 1.4 .0_01
Sun JRE (Windows Production Release) 1.4
Sun JRE (Windows Production Release) 1.3.1 _09
Sun JRE (Windows Production Release) 1.3.1 _08
Sun JRE (Windows Production Release) 1.3.1 _07
Sun JRE (Windows Production Release) 1.3.1 _06
Sun JRE (Windows Production Release) 1.3.1 _05
Sun JRE (Windows Production Release) 1.3.1 _04
Sun JRE (Windows Production Release) 1.3.1 _03
Sun JRE (Windows Production Release) 1.3.1 _02
Sun JRE (Windows Production Release) 1.3.1 _01a
Sun JRE (Windows Production Release) 1.3.1 _01
Sun JRE (Windows Production Release) 1.3 .0_05
Sun JRE (Windows Production Release) 1.3 .0_04
Sun JRE (Windows Production Release) 1.3 .0_02
Sun JRE (Windows Production Release) 1.3 .0_02
Sun JRE (Windows Production Release) 1.3
Sun JRE (Solaris Production Release) 1.4.2 _05
Sun JRE (Solaris Production Release) 1.4.2 _04
Sun JRE (Solaris Production Release) 1.4.2 _03
Sun JRE (Solaris Production Release) 1.4.2 _02
Sun JRE (Solaris Production Release) 1.4.2 _01
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.1 _03
Sun JRE (Solaris Production Release) 1.4.1 _02
Sun JRE (Solaris Production Release) 1.4.1 _01
Sun JRE (Solaris Production Release) 1.4.1
Sun JRE (Solaris Production Release) 1.4 .0_04
Sun JRE (Solaris Production Release) 1.4 .0_04
Sun JRE (Solaris Production Release) 1.4 .0_03
Sun JRE (Solaris Production Release) 1.4 .0_02
Sun JRE (Solaris Production Release) 1.4 .0_01
Sun JRE (Solaris Production Release) 1.4
Sun JRE (Solaris Production Release) 1.3.1 _09
Sun JRE (Solaris Production Release) 1.3.1 _08
Sun JRE (Solaris Production Release) 1.3.1 _07
Sun JRE (Solaris Production Release) 1.3.1 _06
Sun JRE (Solaris Production Release) 1.3.1 _05
Sun JRE (Solaris Production Release) 1.3.1 _04
Sun JRE (Solaris Production Release) 1.3.1 _03
+ Macromedia ColdFusion Server MX Professional
+ Macromedia ColdFusion Server MX Enterprise
+ Macromedia ColdFusion Server MX Developer
Sun JRE (Solaris Production Release) 1.3.1 _02
Sun JRE (Solaris Production Release) 1.3.1 _01
Sun JRE (Solaris Production Release) 1.3.1
Sun JRE (Solaris Production Release) 1.3 _04
Sun JRE (Solaris Production Release) 1.3 _03
Sun JRE (Solaris Production Release) 1.3 _01
Sun JRE (Solaris Production Release) 1.3 .0_05
Sun JRE (Solaris Production Release) 1.3 .0_02
Sun JRE (Solaris Production Release) 1.3 .0_02
Sun JRE (Solaris Production Release) 1.3
Sun JRE (Linux Production Release) 1.4.2 _05
Sun JRE (Linux Production Release) 1.4.2 _04
+ Opera Software Opera Web Browser 7.54
Sun JRE (Linux Production Release) 1.4.2 _03
Sun JRE (Linux Production Release) 1.4.2 _02
Sun JRE (Linux Production Release) 1.4.2 _01
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Linux Production Release) 1.4.1 _03
Sun JRE (Linux Production Release) 1.4.1 _02
Sun JRE (Linux Production Release) 1.4.1 _01
Sun JRE (Linux Production Release) 1.4.1
Sun JRE (Linux Production Release) 1.4 .0_04
Sun JRE (Linux Production Release) 1.4 .0_03
Sun JRE (Linux Production Release) 1.4 .0_02
Sun JRE (Linux Production Release) 1.4
Sun JRE (Linux Production Release) 1.3.1 _09
Sun JRE (Linux Production Release) 1.3.1 _08
Sun JRE (Linux Production Release) 1.3.1 _07
Sun JRE (Linux Production Release) 1.3.1 _06
Sun JRE (Linux Production Release) 1.3.1 _05
Sun JRE (Linux Production Release) 1.3.1 _04
Sun JRE (Linux Production Release) 1.3.1 _03
Sun JRE (Linux Production Release) 1.3.1 _02
Sun JRE (Linux Production Release) 1.3.1 _01a
Sun JRE (Linux Production Release) 1.3.1 _01
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.3 .0_05
Sun JRE (Linux Production Release) 1.3 .0_04
Sun JRE (Linux Production Release) 1.3 .0_03
Sun JRE (Linux Production Release) 1.3 .0_02
Sun JRE (Linux Production Release) 1.3 .0_01
Sun JRE (Linux Production Release) 1.3 .0
Sun Java Desktop System (JDS) 2.0
Sun Java Desktop System (JDS) 2003
Sun Java 2 Runtime Environment 1.4.2
Sun Java 2 Runtime Environment 1.4.1
Sun Java 2 Runtime Environment 1.3.1 _08
Sun Java 2 Runtime Environment 1.3.1 _01
Sun Java 2 Runtime Environment 1.3 _05
Sun Java 2 Runtime Environment 1.3 _02
Sun Java 2 Runtime Environment 1.3
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
Oracle Workflow 11.5.9 .5
Oracle Workflow 11.5.1
Oracle Oracle9i Standard Edition 9.2 .6
Oracle Oracle9i Standard Edition 9.2 .0.5
Oracle Oracle9i Standard Edition 9.0.1 .5
Oracle Oracle9i Standard Edition 9.0.1 .4
Oracle Oracle9i Personal Edition 9.2 .6
Oracle Oracle9i Personal Edition 9.2 .0.5
Oracle Oracle9i Personal Edition 9.0.1 .5
Oracle Oracle9i Personal Edition 9.0.1 .4
Oracle Oracle9i Enterprise Edition 9.2 .6.0
Oracle Oracle9i Enterprise Edition 9.2 .0.5
Oracle Oracle9i Enterprise Edition 9.0.1 .5
Oracle Oracle9i Enterprise Edition 9.0.1 .4
Oracle Oracle9i Application Server 9.0.3 .1
Oracle Oracle9i Application Server 9.0.2 .3
Oracle Oracle9i Application Server 1.0.2 .2
Oracle Oracle8i Standard Edition 8.1.7 .4
Oracle Oracle8i Enterprise Edition 8.1.7 .4.0
Oracle Oracle8 8.0.6 .3
Oracle Oracle8 8.0.6
Oracle Oracle10g Standard Edition 10.1 .0.4
Oracle Oracle10g Standard Edition 10.1 .0.3
Oracle Oracle10g Standard Edition 10.1 .0.2
Oracle Oracle10g Personal Edition 10.1 .0.4
Oracle Oracle10g Personal Edition 10.1 .0.3
Oracle Oracle10g Personal Edition 10.1 .0.2
Oracle Oracle10g Enterprise Edition 10.1 .0.4
Oracle Oracle10g Enterprise Edition 10.1 .0.3
Oracle Oracle10g Enterprise Edition 10.1 .0.2
Oracle Oracle10g Application Server 9.0.4 .1
Oracle Oracle10g Application Server 9.0.4 .0
Oracle Oracle HTTP Server for Apps only 1.0.2 .1s
Oracle Oracle HTTP Server 9.2 .0
+ Apache Software Foundation Apache 1.3.22
Oracle Oracle HTTP Server 9.1
+ Apache Software Foundation Apache 1.3.12
Oracle Oracle HTTP Server 9.0.3 .1
Oracle Oracle HTTP Server 9.0.2 .3
+ Oracle Oracle9i Application Server 9.0.2 .3
Oracle Oracle HTTP Server 9.0.2
Oracle Oracle HTTP Server 9.0.1
Oracle Oracle HTTP Server 8.1.7
Oracle Oracle HTTP Server 1.0.2 .2 Roll up 2
Oracle Oracle HTTP Server 1.0.2 .2
Oracle Oracle HTTP Server 1.0.2 .1
Oracle Oracle HTTP Server 1.0.2 .0
Oracle JInitiator 1.3.1
Oracle JInitiator 1.1.8
Oracle HTTP Server for Server 9.2
Oracle HTTP Server for Server 9.0.1
Oracle HTTP Server for Server 8.1.7
Oracle Forms And Reports 6.0.8 .25
Oracle Forms And Reports 4.5.10 .22
Oracle Express Server 6.3.4 .0
Oracle Enterprise Manager Grid Control 10g 10.1 .3
Oracle Enterprise Manager Grid Control 10g 10.1 .0.2
Oracle Enterprise Manager Database Control 10g 10.1 .0.4
Oracle Enterprise Manager Database Control 10g 10.1 .0.3
Oracle Enterprise Manager Database Control 10g 10.1 .0.2
Oracle Enterprise Manager Application Server Control 9.0.4 .1
Oracle Enterprise Manager Application Server Control 9.0.4 .0
HP Java SDK/RTE for HP-UX PA-RISC 1.4
HP Java SDK/RTE for HP-UX PA-RISC 1.3
+ HP HP-UX 11.20
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ HP HP-UX (VVOS) 11.0 4
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux
Conectiva Linux 10.0
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Sun JRE (Windows Production Release) 1.4.2 _06
Sun JRE (Solaris Production Release) 1.4.2 _06
Sun JRE (Linux Production Release) 1.4.2 _06

- 不受影响的程序版本

Sun JRE (Windows Production Release) 1.4.2 _06
Sun JRE (Solaris Production Release) 1.4.2 _06
Sun JRE (Linux Production Release) 1.4.2 _06

- 漏洞讨论

A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet.

** UPDATE: It is reported that the various methods of invoking Java applets can be abused to specify which version of a plug-in will be used to run an applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). It is not known to what degree the Sun Java Runtime Environment Java Plug-in JavaScript Security Restriction Bypass Vulnerability is affected by this security weakness, though a number of other known vulnerabilities could be affected.

- 漏洞利用

The following example is available:

[script language=javascript]
var c=document.applets[0].getClass().forName('sun.text.Utility');
alert('got Class object: '+c)
[/script]

- 解决方案

The vendor has released updates to address this issue. As an additional precaution, users should uninstall any previous vulnerable JVM installations to prevent attackers from specifying these versions be run instead of updated versions.

Apple has released an advisory (APPLE-SA-2005-02-22) and an update to address this vulnerability. Apple users are advised to see the referenced advisory for further information in regards to obtaining and applying an appropriate fix.

SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Conectiva Linux has released advisory CLA-2004:900 along with fixes to address this issue. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200411-38 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
Sun JDK users:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.06"
Sun JRE users:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.06"
Blackdown JDK users:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.01"
Blackdown JRE users:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.01"
Please see the referenced advisory for further information.

Sun has updated their initial advisory. The Java SDK packages have been added as vulnerable and resolutions have been provided.

HP has released an advisory HPSBUX01100 to address this issue in HP-UX. Please see the referenced advisory for more information.

Symantec has released advisory SYM05-001 to address this issue in various Symantec products. The affected products do not directly utilize the vulnerable application, but they contain a vulnerable version. This vulnerable version may be sent to the computer of administrators attempting to manage the devices, potentially exposing them to this vulnerability. Please see the referenced advisory for further information.

SuSE Linux has released a security summary report (SUSE-SR:2005:003) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Sun Microsystems has released Sun Alert ID: 57741 dealing with this issue in their Java Desktop System (JDS) packages for Linux. Sun has advised that patches are downloaded and implemented as soon as possible. To download and install the updated RPMs from the update servers, select the following sequence from the "launch" menu:

Launch >> Applications >> System Tools >> Online Update

Sun Microsystems has released Sun Alert ID: 101799 to address this issue on Sun Java Desktop System 2003. The issue has been addressed by RPM patch 118752-02, which may be applied by running the following command sequence from the "launch" menu:

Launch >> Applications >> System Tools >> Online Update

For more information on this issue and obtaining updates see the referenced Sun Microsystems advisories.

Oracle has released a Critical Patch Update (Critical Patch Update - July 2005) to address this issue. Currently, it is unknown which exact Oracle products include vulnerable packages. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update in references.

HP has released advisory HPSBUX01214 (SSRT051003 rev.0 - HP-UX Java Web Start remote unauthorized privileged access) to address this issue in HP-UX B.11.11 and HP-UX B.11.23. Please see the referenced advisory for more information.


Sun JRE (Windows Production Release) 1.3 .0_02

Sun JRE (Linux Production Release) 1.3 .0

HP Java SDK/RTE for HP-UX PA-RISC 1.3

Sun JRE (Solaris Production Release) 1.3 _04

Sun JRE (Linux Production Release) 1.3 .0_05

Sun JRE (Solaris Production Release) 1.3

Sun SDK (Linux Production Release) 1.3.1 _06

Sun JRE (Solaris Production Release) 1.3.1

Sun JRE (Solaris Production Release) 1.3.1 _02

Sun Java 2 Runtime Environment 1.3.1 _08

Sun SDK (Windows Production Release) 1.3.1 _05

Sun SDK (Solaris Production Release) 1.3.1 _01

Sun JRE (Solaris Production Release) 1.3.1 _03

Sun JRE (Solaris Production Release) 1.3.1 _09

Sun JRE (Solaris Production Release) 1.3.1 _05

Sun JRE (Linux Production Release) 1.3.1 _08

Sun JRE (Linux Production Release) 1.3.1 _01a

Sun SDK (Windows Production Release) 1.3.1 _07

Sun JRE (Linux Production Release) 1.3.1 _09

Sun JRE (Linux Production Release) 1.3.1 _01

Sun JRE (Windows Production Release) 1.3.1 _01a

Sun SDK (Solaris Production Release) 1.3.1 _06

Sun SDK (Windows Production Release) 1.3.1 _04

Sun SDK (Linux Production Release) 1.3.1 _07

Sun JRE (Windows Production Release) 1.3.1 _08

Sun JRE (Linux Production Release) 1.3.1 _05

Sun SDK (Solaris Production Release) 1.3.1 _05

Sun JRE (Linux Production Release) 1.3.1 _07

Sun JRE (Windows Production Release) 1.4

Sun JRE (Linux Production Release) 1.4

Sun JRE (Windows Production Release) 1.4 .0_01

Sun JRE (Linux Production Release) 1.4 .0_03

Sun SDK (Windows Production Release) 1.4

Sun SDK (Solaris Production Release) 1.4 .0_03

Sun SDK (Windows Production Release) 1.4 .0_4

Sun SDK (Windows Production Release) 1.4 .0_03

Sun JRE (Solaris Production Release) 1.4 .0_02

Sun JRE (Solaris Production Release) 1.4 .0_03

Sun SDK (Windows Production Release) 1.4 .0_01

Sun SDK (Solaris Production Release) 1.4 .0_02

Sun JRE (Solaris Production Release) 1.4.1 _02

Sun JRE (Solaris Production Release) 1.4.1

Sun SDK (Solaris Production Release) 1.4.1 _01

Sun JRE (Linux Production Release) 1.4.1 _03

Sun JRE (Windows Production Release) 1.4.1

Sun JRE (Solaris Production Release) 1.4.2

Sun SDK (Windows Production Release) 1.4.2 _05

Sun JRE (Solaris Production Release) 1.4.2 _05

Sun JRE (Linux Production Release) 1.4.2 _01

Sun SDK (Windows Production Release) 1.4.2

Sun Java 2 Runtime Environment 1.4.2

Sun JRE (Windows Production Release) 1.4.2 _03

Sun SDK (Linux Production Release) 1.4.2 _02

Sun JRE (Windows Production Release) 1.4.2 _01

Sun JRE (Windows Production Release) 1.4.2 _02

Sun JRE (Linux Production Release) 1.4.2 _03

Sun SDK (Windows Production Release) 1.4.2 _04

Sun SDK (Solaris Production Release) 1.4.2 _03

Sun JRE (Linux Production Release) 1.4.2 _04

Sun JRE (Windows Production Release) 1.4.2 _05

Sun SDK (Linux Production Release) 1.4.2 _04

Apple Mac OS X Server 10.3.4

Apple Mac OS X Server 10.3.6

Apple Mac OS X 10.3.8

Apple Mac OS X Server 10.3.8

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站