Vulnerability CVE-2003-1301 - CERT Civis.Net

Vulnerability Name:

CVE-2003-1301 (CCN-34646)

Assigned:

2003-10-27

Published:

2003-10-27

Updated:

2018-10-30

Summary:

Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Sun May 21 2006 - 17:04:44 CDT
Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06

Source: MISC
Type: UNKNOWN
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719

Source: CCN
Type: Sun Developer Network Bug ID: 4944300
Hard JVM Crash("Unknown software exception")

Source: MISC
Type: UNKNOWN
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300

Source: MITRE
Type: CNA
CVE-2003-1301

Source: CCN
Type: Sun Java Runtime Environment
Java 2 Platform, Standard Edition 1.3

Source: MISC
Type: Exploit
http://www.illegalaccess.org/exploit/ObjectStackOverflow.html

Source: CCN
Type: OSVDB ID: 26551
Sun Java Runtime Environment Garbage Collector Deeply Nested Object Array DoS

Source: BUGTRAQ
Type: UNKNOWN
20060521 Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06

Source: BID
Type: UNKNOWN
18058

Source: CCN
Type: BID-18058
Sun Java Runtime Environment Nested Array Objects Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
sun-java-arrays-dos(34646)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update1:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update2:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update3:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update4:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update5:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*

Denotes that component is vulnerable