PT-2009-1146 · Sun+1 · Java Runtime Environment+2
Published
2007-03-22
·
Updated
2018-10-30
·
CVE-2004-2764
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Sun SDK and Java Runtime Environment (JRE) versions 1.4.0 through 1.4.0 04
Sun SDK and Java Runtime Environment (JRE) versions 1.4.1 through 1.4.1 07
Sun SDK and Java Runtime Environment (JRE) versions 1.4.2 through 1.4.2 04
Description
The issue allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, also known as "XML sniffing."
Recommendations
For versions 1.4.0 through 1.4.0 04, update to a version outside of this range to resolve the issue.
For versions 1.4.1 through 1.4.1 07, update to a version outside of this range to resolve the issue.
For versions 1.4.2 through 1.4.2 04, update to a version outside of this range to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hp-Ux
Java Runtime Environment
Sun Sdk