ByteOS Network

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://jouko.iki.fi/adv/javaplugin.html	cve@mitre.org	N/A
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html	cve@mitre.org	N/A
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html	cve@mitre.org	N/A
http://secunia.com/advisories/13271	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/29035	cve@mitre.org	Vendor Advisory
http://securityreason.com/securityalert/61	cve@mitre.org	N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1	cve@mitre.org	Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1	cve@mitre.org	Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21257249	cve@mitre.org	N/A
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities	cve@mitre.org	N/A
http://www.kb.cert.org/vuls/id/760344	cve@mitre.org	US Government Resource
http://www.securityfocus.com/bid/12317	cve@mitre.org	Patch
http://www.vupen.com/english/advisories/2008/0599	cve@mitre.org	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674	cve@mitre.org	N/A
http://jouko.iki.fi/adv/javaplugin.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/13271	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/29035	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://securityreason.com/securityalert/61	af854a3a-2127-422b-91ae-364da2661108	N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21257249	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.kb.cert.org/vuls/id/760344	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
http://www.securityfocus.com/bid/12317	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.vupen.com/english/advisories/2008/0599	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674	af854a3a-2127-422b-91ae-364da2661108	N/A