PT-2003-2461 · Oracle · Java Plug-In

Published

2003-12-31

Updated

2008-09-05

CVE-2003-1516

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Java Plug-in version 1.4.2 01

Description The issue concerns the org.apache.xalan.processor.XSLProcessorVersion class, which allows signed and unsigned applets to share variables. This violates the Java security model and could enable remote attackers to read or write data belonging to a signed applet.

Recommendations For Java Plug-in version 1.4.2 01, consider restricting access to the org.apache.xalan.processor.XSLProcessorVersion class to minimize the risk of exploitation. As a temporary workaround, avoid using shared variables between signed and unsigned applets until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-1516

Affected Products

Java Plug-In

PT-2003-2461 · Oracle · Java Plug-In

CVE-2003-1516

Related Identifiers

Affected Products

References · 4