| Vulnerability Name: | CVE-2003-1301 (CCN-34646) |
| Assigned: | 2003-10-27 |
| Published: | 2003-10-27 |
| Updated: | 2018-10-30 |
| Summary: | Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Low |
|
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Denial of Service |
| References: | Source: CCN
Type: BugTraq Mailing List, Sun May 21 2006 - 17:04:44 CDT
Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06
Source: MISC
Type: UNKNOWN
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719
Source: CCN
Type: Sun Developer Network Bug ID: 4944300
Hard JVM Crash("Unknown software exception")
Source: MISC
Type: UNKNOWN
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300
Source: MITRE
Type: CNA
CVE-2003-1301
Source: CCN
Type: Sun Java Runtime Environment
Java 2 Platform, Standard Edition 1.3
Source: MISC
Type: Exploit
http://www.illegalaccess.org/exploit/ObjectStackOverflow.html
Source: CCN
Type: OSVDB ID: 26551
Sun Java Runtime Environment Garbage Collector Deeply Nested Object Array DoS
Source: BUGTRAQ
Type: UNKNOWN
20060521 Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06
Source: BID
Type: UNKNOWN
18058
Source: CCN
Type: BID-18058
Sun Java Runtime Environment Nested Array Objects Denial Of Service Vulnerability
Source: XF
Type: UNKNOWN
sun-java-arrays-dos(34646)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2:update1:linux:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2:update2:linux:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2:update3:linux:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2:update4:linux:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2:update5:linux:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |