SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java SE Vendors:   Sun
Sun Java (JRE/SDK) Access Control Flaw Lets Untrusted Applets Access Information From Other Applets
SecurityTracker Alert ID:  1006935
SecurityTracker URL:  http://securitytracker.com/id/1006935
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 6 2003
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.4.0_01 and prior versions
Description:   A vulnerability was reported in Sun's Java Runtime Environment (JRE). An untrusted applet may be able to violate Java access controls.

Sun reported that an untrusted applet may be able to access information from a trusted applet. No further details were provided.

Sun credits RecipeXperience with reporting this flaw.

Impact:   An untrusted applet can access information from a trusted applet.
Solution:   Sun has issued the following fixes for SDK and JRE, available at:

http://java.sun.com/j2se/


Windows Production Releases

SDK and JRE 1.4.0_02 and later
SDK and JRE 1.3.1_05 and later
SDK and JRE 1.2.2_013 and later

Solaris Operating Environment (OE) Reference Releases

SDK and JRE 1.2.2_013 and later

Solaris OE Production Releases

SDK and JRE 1.4.0_02 and later
SDK and JRE 1.3.1_05 and later
SDK and JRE 1.2.2_13 and later

Linux Production Releases

SDK and JRE 1.4.0_02 and later
SDK and JRE 1.3.1_05 and later
SDK and JRE 1.2.2_013 and later

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55100 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  An Untrusted Applet may Access Information From a Trusted Applet


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55100

Sun issued alert 55100 warning of a flaw in Java JRE/SDK that may allow an untrusted 
applet to access information from a trusted applet.  No further details were provided.

Sun credits RecipeXperience with reporting this flaw.

The following versions are affected:

Windows Production Releases

SDK and JRE 1.4.0_01 or earlier
SDK and JRE 1.3.1_04 or earlier
SDK and JRE 1.3.0_05 or earlier
SDK and JRE 1.2.2_012 or earlier

Solaris Operating Environment (OE) Reference Releases

SDK and JRE 1.2.2_012 or earlier

Solaris OE Production Releases

SDK and JRE 1.4.0_01 or earlier
SDK and JRE 1.3.1_04 or earlier
SDK and JRE 1.3.0_05 or earlier
SDK and JRE 1.2.2_12 or earlier

Linux Production Releases

SDK and JRE 1.4.0_01 or earlier
SDK and JRE 1.3.1_04 or earlier
SDK and JRE 1.3.0_05 or earlier
SDK and JRE 1.2.2_012 or earlier

Sun notes that SDK and JRE 1.4.1 and later releases for Windows, Linux, and Solaris are 
not affected.


Sun has issued the following fixes for SDK and JREm, available at:

http://java.sun.com/j2se/


Windows Production Releases

SDK and JRE 1.4.0_02 and later
SDK and JRE 1.3.1_05 and later
SDK and JRE 1.2.2_013 and later

Solaris OE Reference Releases

SDK and JRE 1.2.2_013 and later

Solaris OE Production Releases

SDK and JRE 1.4.0_02 and later
SDK and JRE 1.3.1_05 and later
SDK and JRE 1.2.2_13 and later

Linux Production Releases

SDK and JRE 1.4.0_02 and later
SDK and JRE 1.3.1_05 and later
SDK and JRE 1.2.2_013 and later


-----

Sun Alert ID: 55100
Synopsis: An Untrusted Applet May Access Information From a Trusted Applet
Category: Security
Product: Java JRE/SDK
BugIDs: 4670154
Avoidance: Upgrade
State: Resolved
Date Released: 04-Jun-2003
Date Closed: 04-Jun-2003
Date Modified:



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC