CVE-2003-1134

Sun Java 1.3.1, 1.4.1, 1.4.2 - Denial of Service via ClassDepth Null Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1134. PoCs published by Marc Schoenefeld.

AI-analyzed exploit summary: This exploit demonstrates a vulnerability in the Sun Microsystems Java Virtual Machine's Security Manager implementation. The code triggers a crash by calling classDepth(null), which exploits a flaw in the Security Manager's handling of null parameters.

Description

Sun Java 1.3.1, 1.4.1, and 1.4.2 allow local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Marc Schoenefeld · javadosmultiple
https://www.exploit-db.com/exploits/23292

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Sun Microsystems Java Virtual Machine (versions affected by CVE-2003-1134)
No auth needed
Prerequisites: Java Virtual Machine with the vulnerable Security Manager implementation
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8892

Scores

EPSS 0.0080
EPSS Percentile 51.8%

Details

Status published
Products (3)
sun/java 1.3.1
sun/java 1.4.1
sun/java 1.4.2
Published Dec 31, 2003
Tracked Since Feb 18, 2026