Vulnerability Name:

CVE-2002-0058 (CCN-8351)

Assigned: 2002-03-04
Published: 2002-03-04
Updated: 2018-10-12
Summary: Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: CCN
Type: SGI Security Advisory 20020807-01-I
Netscape JAVA JRE vulnerability

Source: CCN
Type: BugTraq Mailing List, Mon Mar 04 2002 - 19:32:24 CST
Java HTTP proxy vulnerability

Source: MITRE
Type: CNA
CVE-2002-0058

Source: BUGTRAQ
Type: UNKNOWN
20020305 Java HTTP proxy vulnerability

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0203-186
Sec. Vulnerability in JAVA JRE

Source: SUN
Type: UNKNOWN
00216

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00216
HttpURLConnection

Source: CCN
Type: Compaq SECURITY BULLETIN (SSRT0822)
Java(tm) Runtime Environment - Proxy and JVM Potential Security Vulnerabilities (updated HP Tru64 UNIX solutions)

Source: CCN
Type: CIAC Information Bulletin M-052
Java Applet Can Redirect Browser Traffic

Source: CCN
Type: Microsoft Security Bulletin MS02-013
04 March 2002 Cumulative VM Update

Source: CCN
Type: Microsoft Security Bulletin MS02-069
Flaw in Microsoft VM Could Enable System Compromise (810030)

Source: CCN
Type: Microsoft Security Bulletin MS03-011
Flaw in Microsoft VM Could Enable System Compromise (816093)

Source: CCN
Type: OSVDB ID: 14270
Sun Java JRE HTTP Proxy Java Applet Session Hijack

Source: CCN
Type: BID-4228
Multiple Vendor Java Virtual Machine Session Hijacking Vulnerability

Source: MS
Type: UNKNOWN
MS02-013

Source: XF
Type: UNKNOWN
java-vm-session-hijacking(8351)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.1.8:update13:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.1.8:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.1.8:update13:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.1.8:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.2.2:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.1.8_007:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.2.2_010:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.2.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3_02:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.1.8:update13:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.1.8:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.1.8:update13:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.1.8:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.2.2:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.1.8_007:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.2.2_010:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.2.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.0_02:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.20:*:*:*:*:*:*:*
  • OR cpe:/h:hp:nonstop_himalaya:-:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11i:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.31:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_xe:-:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.10:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.4:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    microsoft virtual machine 3802
    sun jdk 1.1.8 update13
    sun jdk 1.1.8 update7
    sun jre 1.1.8 update13
    sun jre 1.1.8 update7
    sun jre 1.2.2 update10
    sun jre 1.3.0 update2
    sun sdk 1.1.8_007
    sun sdk 1.2.2_010
    sun sdk 1.2.2_10
    sun sdk 1.3_02
    hp hp-ux 10.20
    microsoft ie 4.0
    microsoft ie 4.0.1
    microsoft ie 4.0.1 sp1
    microsoft ie 5.0
    microsoft ie 4.0.1 sp2
    microsoft ie 5.5 preview
    microsoft ie 5.5
    microsoft ie 5.5 sp1
    microsoft ie 5.1
    microsoft ie 5.5 sp2
    microsoft ie 5.0.1
    microsoft ie 5.0.1 sp1
    microsoft ie 5.0.1 sp2
    microsoft ie 5.0.1 sp3
    microsoft ie 5.0.1 sp4
    sun jdk 1.1.8 update13
    sun jdk 1.1.8 update7
    sun jre 1.1.8 update13
    sun jre 1.1.8 update7
    sun jre 1.2.2 update10
    sun jre 1.3.0 update2
    sun sdk 1.1.8_007
    sun sdk 1.2.2_010
    sun sdk 1.2.2_10
    microsoft virtual machine 3802
    sun sdk 1.3.0_02
    hp hp-ux 11.00
    compaq tru64 4.0f
    hp hp-ux 11.04
    hp hp-ux 11.11
    compaq tru64 4.0g
    compaq tru64 5.0a
    compaq tru64 5.1
    hp hp-ux 11.20
    hp nonstop himalaya -
    compaq management agents *
    hp hp-ux 11.22
    hp hp-ux 11.23
    hp hp-ux 11.11i
    hp hp-ux 11.31
    compaq insight manager xe -
    hp hp-ux 11.0.4
    hp hp-ux 11.10
    hp hp-ux 11.2
    hp hp-ux 11.4