CVE-2003-1229

CVSS V2 High 7.5 CVSS V3 None

Description

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Overview

CVE ID
CVE-2003-1229

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2003-12-31T05:00:00

Last Modified Date
2022-09-13T18:45:57

Weakness Enumerations

CWE	URL
CWE-295	http://cwe.mitre.org/data/definitions/295.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:sun:jdk:1.3.0_05::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_01::linux:::::	1	OR
cpe:2.3:a:sun:java_web_start:1.0:::::::*	1	OR
cpe:2.3:a:sun:jdk:1.3.1_01::solaris:::::	1	OR
cpe:2.3:a:sun:java_web_start:1.0.1:::::::*	1	OR
cpe:2.3:a:sun:jdk:1.3.1_01a::windows:::::	1	OR
cpe:2.3:a:sun:java_web_start:1.0.1_01:::::::*	1	OR
cpe:2.3:a:sun:jdk:1.3.1_03::linux:::::	1	OR
cpe:2.3:a:sun:java_web_start:1.0.1_02:::::::*	1	OR
cpe:2.3:a:sun:jdk:1.3.1_03::solaris:::::	1	OR
cpe:2.3:a:sun:java_web_start:1.2:::::::*	1	OR
cpe:2.3:a:sun:jdk:1.3.1_03::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.3::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_05::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.0_02::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_05::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.0_02::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_05::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.0_05::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.3_02::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.0_05::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.3_05::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_01::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.4::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_01::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.4::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_01a::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.4::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_03::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.4.0_02::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_03::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.4.0_02::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_03::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.4.0_02::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_05::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.4.1::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_05::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.4.1::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.3.1_05::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.4.1::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.3_02::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0::solaris:::::	1	OR
cpe:2.3:a:sun:jdk:1.3_05::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0::windows:::::	1	OR
cpe:2.3:a:sun:jdk:1.4::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update1:linux:::::*	1	OR
cpe:2.3:a:sun:jdk:1.4::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update2:linux:::::*	1	OR
cpe:2.3:a:sun:jdk:1.4::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update2:solaris:::::*	1	OR
cpe:2.3:a:sun:jdk:1.4.0_02::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update2:windows:::::*	1	OR
cpe:2.3:a:sun:jdk:1.4.0_02::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update5:linux:::::*	1	OR
cpe:2.3:a:sun:jdk:1.4.0_02::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update5:solaris:::::*	1	OR
cpe:2.3:a:sun:jdk:1.4.1::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update5:windows:::::*	1	OR
cpe:2.3:a:sun:jdk:1.4.1::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1::linux:::::	1	OR
cpe:2.3:a:sun:jdk:1.4.1::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1:update1:linux:::::*	1	OR
cpe:2.3:a:sun:jre:1.3.0::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1:update1:solaris:::::*	1	OR
cpe:2.3:a:sun:jre:1.3.0::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1:update1a:windows:::::*	1	OR
cpe:2.3:a:sun:jre:1.3.0:update1:linux:::::*	1	OR
cpe:2.3:a:sun:jre:1.3.1_03::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update2:linux:::::*	1	OR
cpe:2.3:a:sun:jre:1.3.1_03::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update2:solaris:::::*	1	OR
cpe:2.3:a:sun:jre:1.3.1_03::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update2:windows:::::*	1	OR
cpe:2.3:a:sun:jre:1.3.1_05::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update5:linux:::::*	1	OR
cpe:2.3:a:sun:jre:1.3.1_05::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update5:solaris:::::*	1	OR
cpe:2.3:a:sun:jre:1.3.1_05::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.3.0:update5:windows:::::*	1	OR
cpe:2.3:a:sun:jre:1.4::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.4::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1:update1:linux:::::*	1	OR
cpe:2.3:a:sun:jre:1.4::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1:update1:solaris:::::*	1	OR
cpe:2.3:a:sun:jre:1.4.0_02::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1:update1a:windows:::::*	1	OR
cpe:2.3:a:sun:jre:1.4.0_02::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1_03::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.4.0_02::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1_03::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.4.1::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1_03::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.4.1::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1_05::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.4.1::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.3.1_05::solaris:::::	1	OR
cpe:2.3:a:sun:jsse:1.0.3:::::::*	1	OR
cpe:2.3:a:sun:jre:1.3.1_05::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.4::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.4::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.4::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.4.0_02::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.4.0_02::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.4.0_02::windows:::::	1	OR
cpe:2.3:a:sun:jre:1.4.1::linux:::::	1	OR
cpe:2.3:a:sun:jre:1.4.1::solaris:::::	1	OR
cpe:2.3:a:sun:jre:1.4.1::windows:::::	1	OR
cpe:2.3:a:sun:jsse:1.0.3:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
7.5

Severity
HIGH

Exploitability Score
10

Impact Score
6.4

References

Reference URL	Reference Tags
http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html
http://java.sun.com/products/jsse/CHANGES.txt
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239
http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1	Patch Vendor Advisory
http://www.securityfocus.com/bid/6682	Patch
http://secunia.com/advisories/7943	Patch Vendor Advisory
http://www.securitytracker.com/id?1006001
http://securitytracker.com/id?1006007
http://securitytracker.com/id?1007483
https://exchange.xforce.ibmcloud.com/vulnerabilities/11182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2003-1229
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1229

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 08:15:07				Added to TrackCVE