CVE-2003-1229

Oracle JRE 1.3.0-1.4.0_01 - Improper Certificate Validation in X509TrustManager

Title source: llm
STIX 2.1

Description

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

References (11)

Core 11
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1006001
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1007483
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11182
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6682
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1006007
Broken Link, Vendor Advisory x_refsource_confirm
http://java.sun.com/products/jsse/CHANGES.txt
Broken Link, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7943
Broken Link, Patch, Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html

Scores

EPSS 0.0129
EPSS Percentile 79.9%

Details

CWE
CWE-295
Status published
Products (3)
oracle/jre 1.3.0 - 1.4.1
sun/java_web_start 1.0 - 1.2
sun/jsse 1.0.3
Published Dec 31, 2003
Tracked Since Feb 18, 2026