PT-2002-2263 · Oracle+1 · Java+1
Published
2002-12-23
·
Updated
2019-04-30
·
CVE-2002-1325
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Microsoft Virtual Machine (VM) versions 5.0.3805 and earlier
Description:
The issue allows remote attackers to determine a local user's username via a Java applet that accesses the
user.dir system property.Recommendations:
For versions 5.0.3805 and earlier, consider restricting access to Java applets that can access system properties until a fix is available. As a temporary workaround, disabling the ability of Java applets to access the
user.dir system property may help minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Java
Virtual Machine