CVE-2001-1008 - OpenCVE

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Java Plug-in Jre

Configuration 1 [-]

OR	cpe:2.3:a:sun:java_plug-in:1.4:::::::*
	cpe:2.3:a:sun:jre:1.3.0:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html	Vendor Advisory
http://www.iss.net/security_center/static/7048.php
http://www.securityfocus.com/bid/3245	Exploit Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00

Updated: 2003-03-25T00:00:00

Reserved: 2002-01-31T00:00:00

Link: CVE-2001-1008

JSON object: View

NVD Information

Status : Analyzed

Published: 2001-08-31T04:00:00.000

Modified: 2008-09-05T20:25:27.393

Link: CVE-2001-1008

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-03-25T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3245", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3245"}, {"name": "javaplugin-jre-expired-certificate(7048)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7048.php"}, {"name": "20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1008", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3245", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3245"}, {"name": "javaplugin-jre-expired-certificate(7048)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7048.php"}, {"name": "20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1008", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2003-03-25T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}