Sun JDK/JRE Disallowed Class Loading Vulnerability

BID:2051

Info

Bugtraq ID: 2051
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Nov 29 2000 12:00AM
Updated: Nov 29 2000 12:00AM
Credit: Reported by Sun Microsystems in an advisory dated November 29, 2000.
Vulnerable: Sun JDK (Windows Production Release) 1.2.2 _004
Sun JDK (Windows Production Release) 1.2.1 _003
Sun JDK (Windows Production Release) 1.1.8 _002
Sun JDK (Windows Production Release) 1.1.7 B_005
Sun JDK (Windows Production Release) 1.1.6 _007
Sun JDK (Solaris Reference Release) 1.2.2 _004
Sun JDK (Solaris Reference Release) 1.2.1 _003
Sun JDK (Solaris Reference Release) 1.1.8 _002
Sun JDK (Solaris Reference Release) 1.1.7 B_005
Sun JDK (Solaris Reference Release) 1.1.6 _007
Sun JDK (Solaris Production Release) 1.2.2 _05
Sun JDK (Solaris Production Release) 1.2.1
Sun JDK (Solaris Production Release) 1.1.8 _10
Sun JDK (Solaris Production Release) 1.1.7 B
Sun JDK (Solaris Production Release) 1.1.6
Sun JDK (Linux Production Release) 1.2.2 _05
Sun Java HotSpot Performance Engine 1.0.1
Sun Java HotSpot Performance Engine 1.0
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
HP MPE/iX 7.0
HP MPE/iX 6.5
HP MPE/iX 6.0
Not Vulnerable: Sun SDK (Linux Production Release) 1.3
Sun JDK (Solaris Reference Release) 1.2.2 _006
Sun JDK (Solaris Reference Release) 1.2.1 _004
Sun JDK (Solaris Reference Release) 1.1.8 _005
Sun JDK (Solaris Reference Release) 1.1.7 B_007
Sun JDK (Solaris Reference Release) 1.1.6 _009
Sun JDK (Solaris Production Release) 1.2.2 _06
Sun JDK (Linux Production Release) 1.2.2 _06
Sun Java HotSpot Performance Engine 2.0

Discussion

A vulnerability exists in certain versions of Sun's Java Runtime Environment, and potentially in JREs from other vendors that were derived from Sun's Java Development Kit source tree.

Untrusted Java code may be able to make calls to classes which would normally not be permitted. As a result, a malicious applet could potentially be used, for example, to compromise the security of a host system visiting an attacker's web site.

The original Sun Microsystems advisory does not provide further specific details of this vulnerability.

Exploit / POC

Currently SecurityFocus staff are unaware of any exploits for this vulnerability.

Solution / Fix

Solution:
Sun recommends upgrading to the latest JDK/JRE releases.


Sun JDK (Windows Production Release) 1.1.6 _007

Sun JDK (Solaris Reference Release) 1.1.6 _007

Sun JDK (Windows Production Release) 1.1.7 B_005

Sun JDK (Solaris Reference Release) 1.1.7 B_005

Sun JDK (Solaris Production Release) 1.1.8 _10

Sun JDK (Windows Production Release) 1.1.8 _002

Sun JDK (Solaris Reference Release) 1.1.8 _002

Sun JDK (Solaris Reference Release) 1.2.1 _003

Sun JDK (Windows Production Release) 1.2.1 _003

Sun JDK (Solaris Reference Release) 1.2.2 _004

Sun JDK (Solaris Production Release) 1.2.2 _05

Sun JDK (Linux Production Release) 1.2.2 _05

HP MPE/iX 6.0

HP MPE/iX 6.5

HP MPE/iX 7.0
