Vulnerability Details : CVE-2003-1229
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificates and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
Exploit prediction scoring system (EPSS) score for CVE-2003-1229
Probability of exploitation activity in the next 30 days: 0.76%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 %
CVSS scores for CVE-2003-1229
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2003-1229
- The product does not validate, or incorrectly validates, a certificate. Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-1229
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883
  Broken Link
- http://www.securitytracker.com/id?1006001
  Broken Link; Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/6682
  Broken Link; Patch; Third Party Advisory; VDB Entry
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239
  Broken Link
- http://securitytracker.com/id?1007483
  Broken Link; Third Party Advisory; VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11182
  Sun Java products incorrectly validate digital certificates CVE-2003-1229 Vulnerability Report. Third Party Advisory; VDB Entry
- http://java.sun.com/products/jsse/CHANGES.txt
  Oracle Java Technologies | Oracle. Broken Link; Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1
  Broken Link; Patch; Vendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html
  Broken Link
- http://securitytracker.com/id?1006007
  Broken Link; Third Party Advisory; VDB Entry
- http://secunia.com/advisories/7943
  About Secunia Research | Flexera. Broken Link; Patch; Vendor Advisory
Products affected by CVE-2003-1229
- cpe:2.3:a:sun:java_web_start:*:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jsse:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*