CVE-2003-1229 : X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Published 2003-12-31 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2003-1229

SUN » Java Web Start
Versions from including (>=) 1.0 and up to, including, (<=) 1.2
cpe:2.3:a:sun:java_web_start:*:*:*:*:*:*:*:*
Matching versions
SUN » Jsse » Version: 1.0.3
cpe:2.3:a:sun:jsse:1.0.3:*:*:*:*:*:*:*
Matching versions
Oracle » JRE
Versions from including (>=) 1.3.0 and up to, including, (<=) 1.4.1
cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2003-1229

EPSS FAQ

1.59%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 80 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2003-1229

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2003-1229

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2003-1229

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883

404 Not Found
Broken Link
http://www.securitytracker.com/id?1006001

Broken Link;Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/6682

Broken Link;Patch;Third Party Advisory;VDB Entry
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239

Broken Link
http://securitytracker.com/id?1007483

Broken Link;Third Party Advisory;VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/11182

Sun Java products incorrectly validate digital certificates CVE-2003-1229 Vulnerability Report
Third Party Advisory;VDB Entry
http://java.sun.com/products/jsse/CHANGES.txt

Oracle Java Technologies | Oracle
Broken Link;Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1

Broken Link;Patch;Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html

Broken Link
http://securitytracker.com/id?1006007

Broken Link;Third Party Advisory;VDB Entry
http://secunia.com/advisories/7943

About Secunia Research | Flexera
Broken Link;Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2003-1229

Products affected by CVE-2003-1229

Exploit prediction scoring system (EPSS) score for CVE-2003-1229

CVSS scores for CVE-2003-1229

CWE ids for CVE-2003-1229

References for CVE-2003-1229