CVE-2003-1516

Name of the Vulnerable Software and Affected Versions Java Plug-in version 1.4.2 01

Description The issue concerns the org.apache.xalan.processor.XSLProcessorVersion class, which allows signed and unsigned applets to share variables. This violates the Java security model and could enable remote attackers to read or write data belonging to a signed applet.

Recommendations For Java Plug-in version 1.4.2 01, consider restricting access to the org.apache.xalan.processor.XSLProcessorVersion class to minimize the risk of exploitation. As a temporary workaround, avoid using shared variables between signed and unsigned applets until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.