CVE-2003-1229
Summary
| CVE | CVE-2003-1229 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2003-12-31 05:00:00 UTC |
| Updated | 2022-09-13 18:45:00 UTC |
| Description | X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files. |
Risk And Classification
Problem Types: CWE-295
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sun | Java Web Start | 1.0 | All | All | All |
| Application | Sun | Java Web Start | 1.0.1 | All | All | All |
| Application | Sun | Java Web Start | 1.0.1_01 | All | All | All |
| Application | Sun | Java Web Start | 1.0.1_02 | All | All | All |
| Application | Sun | Java Web Start | 1.2 | All | All | All |
| Application | Sun | Jdk | 1.3 | All | solaris | All |
| Application | Sun | Jdk | 1.3.0_02 | All | linux | All |
| Application | Sun | Jdk | 1.3.0_02 | All | windows | All |
| Application | Sun | Jdk | 1.3.0_05 | All | linux | All |
| Application | Sun | Jdk | 1.3.0_05 | All | windows | All |
| Application | Sun | Jdk | 1.3.1_01 | All | linux | All |
| Application | Sun | Jdk | 1.3.1_01 | All | solaris | All |
| Application | Sun | Jdk | 1.3.1_01a | All | windows | All |
| Application | Sun | Jdk | 1.3.1_03 | All | linux | All |
| Application | Sun | Jdk | 1.3.1_03 | All | solaris | All |
| Application | Sun | Jdk | 1.3.1_03 | All | windows | All |
| Application | Sun | Jdk | 1.3.1_05 | All | linux | All |
| Application | Sun | Jdk | 1.3.1_05 | All | solaris | All |
| Application | Sun | Jdk | 1.3.1_05 | All | windows | All |
| Application | Sun | Jdk | 1.3_02 | All | solaris | All |
| Application | Sun | Jdk | 1.3_05 | All | solaris | All |
| Application | Sun | Jdk | 1.4 | All | linux | All |
| Application | Sun | Jdk | 1.4 | All | solaris | All |
| Application | Sun | Jdk | 1.4 | All | windows | All |
| Application | Sun | Jdk | 1.4.0_02 | All | linux | All |
| Application | Sun | Jdk | 1.4.0_02 | All | solaris | All |
| Application | Sun | Jdk | 1.4.0_02 | All | windows | All |
| Application | Sun | Jdk | 1.4.1 | All | linux | All |
| Application | Sun | Jdk | 1.4.1 | All | solaris | All |
| Application | Sun | Jdk | 1.4.1 | All | windows | All |
| Application | Sun | Jre | 1.3.0 | All | solaris | All |
| Application | Sun | Jre | 1.3.0 | All | windows | All |
| Application | Sun | Jre | 1.3.0 | update1 | linux | All |
| Application | Sun | Jre | 1.3.0 | update2 | linux | All |
| Application | Sun | Jre | 1.3.0 | update2 | solaris | All |
| Application | Sun | Jre | 1.3.0 | update2 | windows | All |
| Application | Sun | Jre | 1.3.0 | update5 | linux | All |
| Application | Sun | Jre | 1.3.0 | update5 | solaris | All |
| Application | Sun | Jre | 1.3.0 | update5 | windows | All |
| Application | Sun | Jre | 1.3.1 | All | linux | All |
| Application | Sun | Jre | 1.3.1 | update1 | linux | All |
| Application | Sun | Jre | 1.3.1 | update1 | solaris | All |
| Application | Sun | Jre | 1.3.1 | update1a | windows | All |
| Application | Sun | Jre | 1.3.1_03 | All | linux | All |
| Application | Sun | Jre | 1.3.1_03 | All | solaris | All |
| Application | Sun | Jre | 1.3.1_03 | All | windows | All |
| Application | Sun | Jre | 1.3.1_05 | All | linux | All |
| Application | Sun | Jre | 1.3.1_05 | All | solaris | All |
| Application | Sun | Jre | 1.3.1_05 | All | windows | All |
| Application | Sun | Jre | 1.4 | All | linux | All |
| Application | Sun | Jre | 1.4 | All | solaris | All |
| Application | Sun | Jre | 1.4 | All | windows | All |
| Application | Sun | Jre | 1.4.0_02 | All | linux | All |
| Application | Sun | Jre | 1.4.0_02 | All | solaris | All |
| Application | Sun | Jre | 1.4.0_02 | All | windows | All |
| Application | Sun | Jre | 1.4.1 | All | linux | All |
| Application | Sun | Jre | 1.4.1 | All | solaris | All |
| Application | Sun | Jre | 1.4.1 | All | windows | All |
| Application | Sun | Jsse | 1.0.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Secunia - Advisories - Java fails to validate certificates | SECUNIA | secunia.com | Patch, Vendor Advisory |
| #50081: Incorrect Certificate Validation in Java Secure Socket Extension (JSSE), Java Plug-In and Java Web Start java.lang.NullPointerException | SUNALERT | sunsolve.sun.com | Patch, Vendor Advisory |
| Sun Java Secure Socket Extension (JSSE) May Incorrectly Authenticate Invalid Entities - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Oracle Java Technologies \| Oracle | CONFIRM | java.sun.com | |
| (HP Issues Fix) Sun Java Secure Socket Extension (JSSE) May Incorrectly Authenticate Invalid Entities - SecurityTracker | SECTRACK | securitytracker.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Neohapsis Archives - Bugtraq - Incorrect Certificate Validation in Java Secure Socket Extension - From a.loots_at_itsec-ss.nl | BUGTRAQ | archives.neohapsis.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| HPSBUX0301-239 | HP | www1.itrc.hp.com | |
| Sun JSSE/Java Plug-In/Java Web Start Incorrect Certificate Validation Vulnerability | BID | www.securityfocus.com | Patch |
| (HP Issues Fix for Virtualvault) Sun Java Secure Socket Extension (JSSE) May Incorrectly Authenticate Invalid Entities - SecurityTracker | SECTRACK | securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.