Description

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Remediation

References

CVE-2003-1229

Related Vulnerabilities

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7903)

WordPress Plugin wp-football Multiple Cross-Site Scripting Vulnerabilities (1.1)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4307)

WordPress Plugin 4k Icons for Visual Composer-Free Cross-Site Scripting (1.0)

WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (2.3.12)

Severity

High

Classification

CVE-2003-1229 CWE-295

Tags

Missing Update Known Vulnerabilities