CVE-2004-2764

Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html
http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d
http://secunia.com/advisories/12206	Vendor Advisory
http://securitytracker.com/id?1011661
http://www.osvdb.org/8288
http://www.securityfocus.com/archive/1/371208
http://www.securityfocus.com/bid/10844
https://exchange.xforce.ibmcloud.com/vulnerabilities/16864

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:jre:1.4.0:::::::*
	cpe:2.3:a:sun:jre:1.4.0_01:::::::*
	cpe:2.3:a:sun:jre:1.4.0_01::linux:::::
	cpe:2.3:a:sun:jre:1.4.0_01::solaris:::::
	cpe:2.3:a:sun:jre:1.4.0_01::windows:::::
	cpe:2.3:a:sun:jre:1.4.0_02:::::::*
	cpe:2.3:a:sun:jre:1.4.0_02::linux:::::
	cpe:2.3:a:sun:jre:1.4.0_02::solaris:::::
	cpe:2.3:a:sun:jre:1.4.0_02::windows:::::
	cpe:2.3:a:sun:jre:1.4.0_03:::::::*
	cpe:2.3:a:sun:jre:1.4.0_03::linux:::::
	cpe:2.3:a:sun:jre:1.4.0_03::solaris:::::
	cpe:2.3:a:sun:jre:1.4.0_03::windows:::::
	cpe:2.3:a:sun:jre:1.4.0_04:::::::*
	cpe:2.3:a:sun:jre:1.4.0_04::linux:::::
	cpe:2.3:a:sun:jre:1.4.0_04::solaris:::::
	cpe:2.3:a:sun:jre:1.4.0_04::windows:::::
	cpe:2.3:a:sun:jre:1.4.1:::::::*
	cpe:2.3:a:sun:jre:1.4.1::linux:::::
	cpe:2.3:a:sun:jre:1.4.1::solaris:::::
	cpe:2.3:a:sun:jre:1.4.1::windows:::::
	cpe:2.3:a:sun:jre:1.4.1:update1::::::
	cpe:2.3:a:sun:jre:1.4.1:update2::::::
	cpe:2.3:a:sun:jre:1.4.1:update3::::::
	cpe:2.3:a:sun:jre:1.4.1:update3:linux:::::*
	cpe:2.3:a:sun:jre:1.4.1:update3:solaris:::::*
	cpe:2.3:a:sun:jre:1.4.1:update3:windows:::::*
	cpe:2.3:a:sun:jre:1.4.1:update4::::::
	cpe:2.3:a:sun:jre:1.4.1:update7::::::
	cpe:2.3:a:sun:jre:1.4.1_01:::::::*
	cpe:2.3:a:sun:jre:1.4.1_01::linux:::::
	cpe:2.3:a:sun:jre:1.4.1_01::solaris:::::
	cpe:2.3:a:sun:jre:1.4.1_01::windows:::::
	cpe:2.3:a:sun:jre:1.4.1_02:::::::*
	cpe:2.3:a:sun:jre:1.4.1_02::linux:::::
	cpe:2.3:a:sun:jre:1.4.1_02::solaris:::::
	cpe:2.3:a:sun:jre:1.4.1_02::windows:::::
	cpe:2.3:a:sun:jre:1.4.1_03:::::::*
	cpe:2.3:a:sun:jre:1.4.1_03::linux:::::
	cpe:2.3:a:sun:jre:1.4.1_03::solaris:::::
	cpe:2.3:a:sun:jre:1.4.1_03::windows:::::
	cpe:2.3:a:sun:jre:1.4.1_04:::::::*
	cpe:2.3:a:sun:jre:1.4.1_04::linux:::::
	cpe:2.3:a:sun:jre:1.4.1_04::solaris:::::
	cpe:2.3:a:sun:jre:1.4.1_04::windows:::::
	cpe:2.3:a:sun:jre:1.4.1_05:::::::*
	cpe:2.3:a:sun:jre:1.4.1_05::linux:::::
	cpe:2.3:a:sun:jre:1.4.1_05::solaris:::::
	cpe:2.3:a:sun:jre:1.4.1_05::windows:::::
	cpe:2.3:a:sun:jre:1.4.1_06:::::::*
	cpe:2.3:a:sun:jre:1.4.1_06::linux:::::
	cpe:2.3:a:sun:jre:1.4.1_06::solaris:::::
	cpe:2.3:a:sun:jre:1.4.1_06::windows:::::
	cpe:2.3:a:sun:jre:1.4.1_07:::::::*
	cpe:2.3:a:sun:jre:1.4.1_07::linux:::::
	cpe:2.3:a:sun:jre:1.4.1_07::solaris:::::
	cpe:2.3:a:sun:jre:1.4.1_07::windows:::::
	cpe:2.3:a:sun:jre:1.4.2:::::::*
	cpe:2.3:a:sun:jre:1.4.2::linux:::::
	cpe:2.3:a:sun:jre:1.4.2::solaris:::::
	cpe:2.3:a:sun:jre:1.4.2::windows:::::
	cpe:2.3:a:sun:jre:1.4.2:update1:linux:::::*
	cpe:2.3:a:sun:jre:1.4.2:update1:solaris:::::*
	cpe:2.3:a:sun:jre:1.4.2:update1:windows:::::*
cpe:2.3:a:sun:jre:1.4.2:update2:linux:::::*
cpe:2.3:a:sun:jre:1.4.2:update2:solaris:::::*
cpe:2.3:a:sun:jre:1.4.2:update2:windows:::::*
cpe:2.3:a:sun:jre:1.4.2:update3:linux:::::*
cpe:2.3:a:sun:jre:1.4.2:update3:solaris:::::*
cpe:2.3:a:sun:jre:1.4.2:update3:windows:::::*
cpe:2.3:a:sun:jre:1.4.2:update4:linux:::::*
cpe:2.3:a:sun:jre:1.4.2:update4:solaris:::::*
cpe:2.3:a:sun:jre:1.4.2:update4:windows:::::*
cpe:2.3:a:sun:jre:1.4.2:update5:linux:::::*
cpe:2.3:a:sun:jre:1.4.2:update5:solaris:::::*
cpe:2.3:a:sun:jre:1.4.2:update5:windows:::::*
cpe:2.3:a:sun:jre:1.4.2_01:::::::*
cpe:2.3:a:sun:jre:1.4.2_1:::::::*
cpe:2.3:a:sun:jre:1.4.2_2:::::::*
cpe:2.3:a:sun:jre:1.4.2_02:::::::*
cpe:2.3:a:sun:jre:1.4.2_03:::::::*
cpe:2.3:a:sun:jre:1.4.2_3:::::::*
cpe:2.3:a:sun:jre:1.4.2_4:::::::*
cpe:2.3:a:sun:jre:1.4.2_04:::::::*
cpe:2.3:a:sun:jre:1.4.2_5:::::::*
cpe:2.3:a:sun:jre:1.4.2_6:::::::*
cpe:2.3:a:sun:jre:1.4.2_7:::::::*
cpe:2.3:a:sun:jre:1.4.2_8:::::::*
cpe:2.3:a:sun:jre:1.4.2_9:::::::*
cpe:2.3:a:sun:jre:1.4.2_10:::::::*
cpe:2.3:a:sun:jre:1.4.2_11:::::::*
cpe:2.3:a:sun:jre:1.4.2_12:::::::*
cpe:2.3:a:sun:jre:1.4.2_13:::::::*
cpe:2.3:a:sun:jre:1.4.2_14:::::::*
cpe:2.3:a:sun:jre:1.4.2_15:::::::*
cpe:2.3:a:sun:jre:1.4.2_21:::::::*
cpe:2.3:a:sun:sdk:1.4.0:::::::*
cpe:2.3:a:sun:sdk:1.4.0_01:::::::*
cpe:2.3:a:sun:sdk:1.4.0_02:::::::*
cpe:2.3:a:sun:sdk:1.4.0_03:::::::*
cpe:2.3:a:sun:sdk:1.4.0_04:::::::*
cpe:2.3:a:sun:sdk:1.4.1:::::::*
cpe:2.3:a:sun:sdk:1.4.1_01:::::::*
cpe:2.3:a:sun:sdk:1.4.1_02:::::::*
cpe:2.3:a:sun:sdk:1.4.1_03:::::::*
cpe:2.3:a:sun:sdk:1.4.1_04:::::::*
cpe:2.3:a:sun:sdk:1.4.1_05:::::::*
cpe:2.3:a:sun:sdk:1.4.1_06:::::::*
cpe:2.3:a:sun:sdk:1.4.1_07:::::::*
cpe:2.3:a:sun:sdk:1.4.2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_01:::::::*
cpe:2.3:a:sun:sdk:1.4.2_02:::::::*
cpe:2.3:a:sun:sdk:1.4.2_03:::::::*
cpe:2.3:a:sun:sdk:1.4.2_04:::::::*

History

No history.

Information

Published : 2009-06-02 10:30

Updated : 2018-10-30 16:26

NVD link : CVE-2004-2764

Mitre link : CVE-2004-2764

CVE.ORG link : CVE-2004-2764

JSON object : View

Products Affected

sun

CWE

CWE-264

Permissions, Privileges, and Access Controls

10.0 /10