Vulnerability Details CVE-2004-2764
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html
- http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d
- http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d
- http://secunia.com/advisories/12206
- http://securitytracker.com/id?1011661
- http://www.osvdb.org/8288
- http://www.securityfocus.com/archive/1/371208
- http://www.securityfocus.com/bid/10844
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16864
- http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html
- http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d
- http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d
- http://secunia.com/advisories/12206
- http://securitytracker.com/id?1011661
- http://www.osvdb.org/8288
- http://www.securityfocus.com/archive/1/371208
- http://www.securityfocus.com/bid/10844
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16864
Products affected by CVE-2004-2764
-
cpe:2.3:a:sun:jre:1.4.0
-
cpe:2.3:a:sun:jre:1.4.0_01
-
cpe:2.3:a:sun:jre:1.4.0_02
-
cpe:2.3:a:sun:jre:1.4.0_03
-
cpe:2.3:a:sun:jre:1.4.0_04
-
cpe:2.3:a:sun:jre:1.4.1
-
cpe:2.3:a:sun:jre:1.4.1_01
-
cpe:2.3:a:sun:jre:1.4.1_02
-
cpe:2.3:a:sun:jre:1.4.1_03
-
cpe:2.3:a:sun:jre:1.4.1_04
-
cpe:2.3:a:sun:jre:1.4.1_05
-
cpe:2.3:a:sun:jre:1.4.1_06
-
cpe:2.3:a:sun:jre:1.4.1_07
-
cpe:2.3:a:sun:jre:1.4.2
-
cpe:2.3:a:sun:jre:1.4.2_01
-
cpe:2.3:a:sun:jre:1.4.2_02
-
cpe:2.3:a:sun:jre:1.4.2_03
-
cpe:2.3:a:sun:jre:1.4.2_04
-
cpe:2.3:a:sun:jre:1.4.2_1
-
cpe:2.3:a:sun:jre:1.4.2_10
-
cpe:2.3:a:sun:jre:1.4.2_11
-
cpe:2.3:a:sun:jre:1.4.2_12
-
cpe:2.3:a:sun:jre:1.4.2_13
-
cpe:2.3:a:sun:jre:1.4.2_14
-
cpe:2.3:a:sun:jre:1.4.2_15
-
cpe:2.3:a:sun:jre:1.4.2_2
-
cpe:2.3:a:sun:jre:1.4.2_21
-
cpe:2.3:a:sun:jre:1.4.2_3
-
cpe:2.3:a:sun:jre:1.4.2_4
-
cpe:2.3:a:sun:jre:1.4.2_5
-
cpe:2.3:a:sun:jre:1.4.2_6
-
cpe:2.3:a:sun:jre:1.4.2_7
-
cpe:2.3:a:sun:jre:1.4.2_8
-
cpe:2.3:a:sun:jre:1.4.2_9
-
cpe:2.3:a:sun:sdk:1.4.0
-
cpe:2.3:a:sun:sdk:1.4.0_01
-
cpe:2.3:a:sun:sdk:1.4.0_02
-
cpe:2.3:a:sun:sdk:1.4.0_03
-
cpe:2.3:a:sun:sdk:1.4.0_04
-
cpe:2.3:a:sun:sdk:1.4.1
-
cpe:2.3:a:sun:sdk:1.4.1_01
-
cpe:2.3:a:sun:sdk:1.4.1_02
-
cpe:2.3:a:sun:sdk:1.4.1_03
-
cpe:2.3:a:sun:sdk:1.4.1_04
-
cpe:2.3:a:sun:sdk:1.4.1_05
-
cpe:2.3:a:sun:sdk:1.4.1_06
-
cpe:2.3:a:sun:sdk:1.4.1_07
-
cpe:2.3:a:sun:sdk:1.4.2
-
cpe:2.3:a:sun:sdk:1.4.2_01
-
cpe:2.3:a:sun:sdk:1.4.2_02
-
cpe:2.3:a:sun:sdk:1.4.2_03
-
cpe:2.3:a:sun:sdk:1.4.2_04