Vulnerability Details CVE-2003-1301
Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719
- http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300
- http://www.illegalaccess.org/exploit/ObjectStackOverflow.html
- http://www.securityfocus.com/archive/1/434705/100/0/threaded
- http://www.securityfocus.com/bid/18058
- http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719
- http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300
- http://www.illegalaccess.org/exploit/ObjectStackOverflow.html
- http://www.securityfocus.com/archive/1/434705/100/0/threaded
- http://www.securityfocus.com/bid/18058
Products affected by CVE-2003-1301
-
cpe:2.3:a:sun:jre:1.4.2
-
cpe:2.3:a:sun:jre:1.4.2_1
-
cpe:2.3:a:sun:jre:1.4.2_10
-
cpe:2.3:a:sun:jre:1.4.2_2
-
cpe:2.3:a:sun:jre:1.4.2_3
-
cpe:2.3:a:sun:jre:1.4.2_4
-
cpe:2.3:a:sun:jre:1.4.2_5
-
cpe:2.3:a:sun:jre:1.4.2_6
-
cpe:2.3:a:sun:jre:1.4.2_7
-
cpe:2.3:a:sun:jre:1.4.2_8
-
cpe:2.3:a:sun:jre:1.4.2_9
-
cpe:2.3:a:sun:jre:1.5.0