CVEDB API

Vulnerability Details CVE-2003-1229

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 80.7%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2003-1229

Oracle » Jre » Version: 1.4.0

cpe:2.3:a:oracle:jre:1.4.0
Oracle » Jre » Version: 1.4.0_01

cpe:2.3:a:oracle:jre:1.4.0_01
Oracle » Jre » Version: 1.4.0_02

cpe:2.3:a:oracle:jre:1.4.0_02
Oracle » Jre » Version: 1.4.0_03

cpe:2.3:a:oracle:jre:1.4.0_03
Oracle » Jre » Version: 1.4.0_04

cpe:2.3:a:oracle:jre:1.4.0_04
Oracle » Jre » Version: 1.4.1

cpe:2.3:a:oracle:jre:1.4.1
Sun » Java Web Start » Version: 1.0

cpe:2.3:a:sun:java_web_start:1.0
Sun » Java Web Start » Version: 1.0.1

cpe:2.3:a:sun:java_web_start:1.0.1
Sun » Java Web Start » Version: 1.2

cpe:2.3:a:sun:java_web_start:1.2
Sun » Jsse » Version: 1.0.3

cpe:2.3:a:sun:jsse:1.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2003-1229

Products

Pricing

Contact Us