Vulnerability Name:

CVE-2002-0076 (CCN-8480)

Assigned:2002-03-18
Published:2002-03-18
Updated:2018-10-12
Summary:Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2002-0076

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0203-187
Sec. Vulnerability in JRE Bytecode Verifier

Source: SUN
Type: Vendor Advisory
00218

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00218
Bytecode Verifier

Source: CCN
Type: Compaq SECURITY BULLETIN (SSRT0822)
Java(tm) Runtime Environment - Proxy and JVM Potential Security Vulnerabilities (updated HP Tru64 UNIX solutions)

Source: CCN
Type: CIAC Information Bulletin M-060
Sun Bytecode Verifier Vulnerability

Source: XF
Type: UNKNOWN
java-vm-verifier-variant(8480)

Source: CCN
Type: Microsoft Security Bulletin MS02-013
04 March 2002 Cumulative VM Update

Source: CCN
Type: Microsoft Security Bulletin MS02-069
Flaw in Microsoft VM Could Enable System Compromise (810030)

Source: CCN
Type: Microsoft Security Bulletin MS03-011
Flaw in Microsoft VM Could Enable System Compromise (816093)

Source: CCN
Type: Microsoft Security Bulletin MS99-045
Patch Available 'Virtual Machine Verifier' Vulnerability

Source: CCN
Type: OSVDB ID: 5376
Sun Java JRE Bytecode Verifier Restriction Bypass

Source: BID
Type: UNKNOWN
4313

Source: CCN
Type: BID-4313
Multiple Vendor Java Virtual Machine Bytecode Verifier Vulnerability

Source: MS
Type: UNKNOWN
MS02-013

Source: XF
Type: UNKNOWN
java-vm-verifier-variant(8480)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:java_jre-jdk:1.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:hp:java_jre-jdk:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:java_jre-jdk:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.1.8:update14:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.1.8:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.1.8:update14:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.1.8:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.2.2:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1a:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.2.2_010:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.2.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3_05:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.1.8:update14:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.1.8:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.1.8:update14:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.1.8:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.2.2:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.3.1:update1a:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.2.2_010:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.2.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
  • OR cpe:/a:hp:java_jre-jdk:1.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:hp:java_jre-jdk:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:java_jre-jdk:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.3.0_05:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.20:*:*:*:*:*:*:*
  • OR cpe:/h:hp:nonstop_himalaya:-:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11i:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.31:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_xe:-:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.10:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    hp java jre-jdk 1.1.8
    hp java jre-jdk 1.2.2
    hp java jre-jdk 1.3
    microsoft virtual machine 3802
    sun jdk 1.1.8 update14
    sun jdk 1.1.8 update8
    sun jre 1.1.8 update14
    sun jre 1.1.8 update8
    sun jre 1.2.2 update10
    sun jre 1.3.0 update5
    sun jre 1.3.1 update1
    sun jre 1.3.1 update1a
    sun sdk 1.2.2_010
    sun sdk 1.2.2_10
    sun sdk 1.3.1_01
    sun sdk 1.3.1_01a
    sun sdk 1.3_05
    hp hp-ux 10.20
    sun jdk 1.1.8 update14
    sun jdk 1.1.8 update8
    sun jre 1.1.8 update14
    sun jre 1.1.8 update8
    sun jre 1.2.2 update10
    sun jre 1.3.0 update5
    sun jre 1.3.1 update1
    sun jre 1.3.1 update1a
    sun sdk 1.2.2_010
    sun sdk 1.2.2_10
    sun sdk 1.3.1_01
    sun sdk 1.3.1_01a
    microsoft virtual machine 3802
    hp java jre-jdk 1.1.8
    hp java jre-jdk 1.2.2
    hp java jre-jdk 1.3
    sun sdk 1.3.0_05
    hp hp-ux 11.00
    compaq tru64 4.0f
    hp hp-ux 11.04
    hp hp-ux 11.11
    compaq tru64 4.0g
    compaq tru64 5.0a
    compaq tru64 5.1
    hp hp-ux 11.20
    hp nonstop himalaya -
    compaq management agents *
    hp hp-ux 11.22
    hp hp-ux 11.23
    hp hp-ux 11.11i
    hp hp-ux 11.31
    compaq insight manager xe -
    hp hp-ux 11.0.4
    hp hp-ux 11.10
    hp hp-ux 11.2
    hp hp-ux 11.4