CVE-2003-1229
First published: Wed Dec 31 2003(Updated: )
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Java Runtime Environment (JRE) | =1.4.0_02 | |
| Sun Java Runtime Environment (JRE) | =1.3.1_03 | |
| Java Development Kit (JDK) | =1.4.0_02 | |
| Sun Java Web Start | =1.0 | |
| Java Development Kit (JDK) | =1.3.1_01 | |
| Java Development Kit (JDK) | =1.3.0_05 | |
| Sun Java Runtime Environment (JRE) | =1.4.1 | |
| Java Development Kit (JDK) | =1.3.0_02 | |
| Java Development Kit (JDK) | =1.3.1_03 | |
| Java Development Kit (JDK) | =1.4 | |
| Java Development Kit (JDK) | =1.3.1_03 | |
| Sun Java Runtime Environment (JRE) | =1.4 | |
| Java Development Kit (JDK) | =1.3.1_05 | |
| Sun Java Runtime Environment (JRE) | =1.3.1_05 | |
| Java Development Kit (JDK) | =1.4.1 | |
| Sun Java Runtime Environment (JRE) | =1.4 | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update1a | |
| Java Development Kit (JDK) | =1.3.1_03 | |
| Sun Java Runtime Environment (JRE) | =1.3.0 | |
| Sun Java Runtime Environment (JRE) | =1.3.1_03 | |
| Sun Java Web Start | =1.2 | |
| Sun Java Runtime Environment (JRE) | =1.4.0_02 | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update1 | |
| Sun Java Runtime Environment (JRE) | =1.4.1 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update5 | |
| Java Development Kit (JDK) | =1.4 | |
| Java Development Kit (JDK) | =1.3.1_05 | |
| Java Development Kit (JDK) | =1.4.0_02 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update2 | |
| Java Development Kit (JDK) | =1.3_05 | |
| Java Development Kit (JDK) | =1.3.0_05 | |
| Java Development Kit (JDK) | =1.3.1_01a | |
| Sun Java Runtime Environment (JRE) | =1.3.0 | |
| Java Development Kit (JDK) | =1.3_02 | |
| Sun Java Runtime Environment (JRE) | =1.3.1 | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update1 | |
| Sun Java Web Start | =1.0.1_02 | |
| Sun JSSE | =1.0.3 | |
| Java Development Kit (JDK) | =1.3 | |
| Java Development Kit (JDK) | =1.3.1_05 | |
| Java Development Kit (JDK) | =1.4.1 | |
| Java Development Kit (JDK) | =1.3.0_02 | |
| Sun Java Web Start | =1.0.1 | |
| Java Development Kit (JDK) | =1.4.1 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update5 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update2 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update5 | |
| Sun Java Runtime Environment (JRE) | =1.3.1_05 | |
| Sun Java Runtime Environment (JRE) | =1.4 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update1 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update2 | |
| Java Development Kit (JDK) | =1.3.1_01 | |
| Java Development Kit (JDK) | =1.4 | |
| Sun Java Runtime Environment (JRE) | =1.3.1_03 | |
| Java Development Kit (JDK) | =1.4.0_02 | |
| Sun Java Runtime Environment (JRE) | =1.3.1_05 | |
| Sun Java Web Start | =1.0.1_01 | |
| Sun Java Runtime Environment (JRE) | =1.4.0_02 | |
| Sun Java Runtime Environment (JRE) | =1.4.1 | |
| Oracle Java SE | >=1.3.0<=1.4.1 | |
| Sun Java Web Start | >=1.0<=1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html
- http://java.sun.com/products/jsse/CHANGES.txt
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1
- http://www.securityfocus.com/bid/6682
- http://secunia.com/advisories/7943
- http://www.securitytracker.com/id?1006001
- http://securitytracker.com/id?1006007
- http://securitytracker.com/id?1007483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11182
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883
Frequently Asked Questions
What is the severity of CVE-2003-1229?
CVE-2003-1229 is considered a high-severity vulnerability due to its impact on trust management in secure communications.
How do I fix CVE-2003-1229?
To fix CVE-2003-1229, upgrade to a patched version of the Java Runtime Environment or Java Development Kit that addresses this vulnerability.
Which versions are affected by CVE-2003-1229?
CVE-2003-1229 affects several versions including JRE 1.4.0 through 1.4.0_01 and JDK 1.3.0 through 1.4.1.
What type of vulnerability is CVE-2003-1229?
CVE-2003-1229 is a logic vulnerability in how X509TrustManager handles client and server trust in Java JSSE.
What impact does CVE-2003-1229 have on security?
CVE-2003-1229 can lead to man-in-the-middle attacks by improperly validating server certificates.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/author
- collector/nvd-historical
- vendor/sun
- vendor/jre
- vendor/jdk
- vendor/java web start
- vendor/jsse
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- canonical/sun java runtime environment (jre)
- version/sun java runtime environment (jre)/1.4.0_02
- version/sun java runtime environment (jre)/1.3.1_03
- canonical/java development kit (jdk)
- version/java development kit (jdk)/1.4.0_02
- canonical/sun java web start
- version/sun java web start/1.0
- version/java development kit (jdk)/1.3.1_01
- version/java development kit (jdk)/1.3.0_05
- version/sun java runtime environment (jre)/1.4.1
- version/java development kit (jdk)/1.3.0_02
- version/java development kit (jdk)/1.3.1_03
- version/java development kit (jdk)/1.4
- version/sun java runtime environment (jre)/1.4
- version/java development kit (jdk)/1.3.1_05
- version/sun java runtime environment (jre)/1.3.1_05
- version/java development kit (jdk)/1.4.1
- version/sun java runtime environment (jre)/1.3.1-update1a
- version/sun java runtime environment (jre)/1.3.0
- version/sun java web start/1.2
- version/sun java runtime environment (jre)/1.3.1-update1
- version/sun java runtime environment (jre)/1.3.0-update5
- version/sun java runtime environment (jre)/1.3.0-update2
- version/java development kit (jdk)/1.3_05
- version/java development kit (jdk)/1.3.1_01a
- version/java development kit (jdk)/1.3_02
- version/sun java runtime environment (jre)/1.3.1
- version/sun java web start/1.0.1_02
- canonical/sun jsse
- version/sun jsse/1.0.3
- version/java development kit (jdk)/1.3
- version/sun java web start/1.0.1
- version/sun java runtime environment (jre)/1.3.0-update1
- version/sun java web start/1.0.1_01
- vendor/oracle
- canonical/oracle java se
- version/oracle java se/1.3.0
- version/oracle java se/1.4.1