Vulnerability Name:

CCN-18975

Published:2005-01-18
Updated:2005-01-18
Summary:Sun Microsystems Java Runtime Environment (JRE) and Software Development Kit (SDK) could allow an untrusted Java Applet to gain elevated privileges, caused by a vulnerability in the Sun's Java Plug-in technology.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Sun Alert ID: 57708
Security Vulnerabilities With Java Plug-in in JRE/SDK

Source: CCN
Type: BID-12317
Sun Java Plug-in Multiple Applet Vulnerabilities

Source: XF
Type: UNKNOWN
sun-java-applet-gain-privileges(18975)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1a:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update12:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun jre 1.3.1
    sun sdk 1.4.0
    sun jre 1.4.0
    sun sdk 1.4.1
    sun jre 1.4.1
    sun jre 1.4.2
    sun sdk 1.4.2
    sun jre 1.3.1 update1
    sun jre 1.3.1 update1a
    sun jre 1.3.1 update4
    sun jre 1.3.1 update8
    sun sdk 1.3.1_01
    sun sdk 1.3.1_01a
    sun sdk 1.3.1_02
    sun sdk 1.3.1_04
    sun sdk 1.3.1_05
    sun sdk 1.3.1_06
    sun sdk 1.3.1_07
    sun sdk 1.3.1_08
    sun sdk 1.3.1_09
    sun sdk 1.3.1_10
    sun sdk 1.3.1_11
    sun sdk 1.3.1_12
    sun jre 1.3.1 update2
    sun jre 1.3.1 update12
    sun sdk 1.3.1_03