CVE-2005-3904
First published: Wed Nov 30 2005(Updated: )
Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Java Development Kit (JDK) | =1.5.0_03 | |
| Java Development Kit (JDK) | =1.5.0_03 | |
| Java Development Kit (JDK) | =1.5.0_03 | |
| Sun Java Runtime Environment (JRE) | =1.3.0 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update1 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update2 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update3 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update4 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update5 | |
| Sun Java Runtime Environment (JRE) | =1.3.1 | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update1 | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update15 | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update1a | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update4 | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update8 | |
| Sun Java Runtime Environment (JRE) | =1.4.1 | |
| Sun Java Runtime Environment (JRE) | =1.4.2 | |
| Sun Java Runtime Environment (JRE) | =1.4.2_1 | |
| Sun Java Runtime Environment (JRE) | =1.4.2_2 | |
| Sun Java Runtime Environment (JRE) | =1.4.2_3 | |
| Sun Java Runtime Environment (JRE) | =1.4.2_4 | |
| Sun Java Runtime Environment (JRE) | =1.4.2_5 | |
| Sun Java Runtime Environment (JRE) | =1.4.2_6 | |
| Sun Java Runtime Environment (JRE) | =1.4.2_7 | |
| Sun Java Runtime Environment (JRE) | =1.4.2_8 | |
| Sun Java Runtime Environment (JRE) | =1.5.0 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update1 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update2 | |
| Sun Java Runtime Environment (JRE) | =1.5.0-update3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1
- http://www.securityfocus.com/bid/15615
- http://secunia.com/advisories/17748
- http://securitytracker.com/id?1015281
- http://www.kb.cert.org/vuls/id/931684
- http://www-1.ibm.com/support/docview.wss?uid=swg21225628
- http://secunia.com/advisories/17847
- http://secunia.com/advisories/18092
- http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html
- http://secunia.com/advisories/18503
- http://www.vupen.com/english/advisories/2005/2636
- http://www.vupen.com/english/advisories/2005/2675
- http://www.vupen.com/english/advisories/2005/2946
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23252
Frequently Asked Questions
What is the severity of CVE-2005-3904?
CVE-2005-3904 is considered to have a high severity due to its potential for arbitrary file access and execution of applications.
How do I fix CVE-2005-3904?
To fix CVE-2005-3904, you should upgrade to the latest version of Java JDK and JRE that addresses this vulnerability.
Which versions of Java are affected by CVE-2005-3904?
CVE-2005-3904 affects Java JDK and JRE versions 1.3.1, 1.4.1, and 1.5.0, specifically those prior to certain updates.
What types of attacks can exploit CVE-2005-3904?
CVE-2005-3904 can be exploited through unknown attack vectors that allow remote attackers to escape the Java sandbox.
Is there a workaround for CVE-2005-3904 if I can't update immediately?
While updating is the best solution, reducing access to the JMX interface may serve as a temporary workaround for CVE-2005-3904.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sun
- canonical/java development kit (jdk)
- version/java development kit (jdk)/1.5.0_03
- canonical/sun java runtime environment (jre)
- version/sun java runtime environment (jre)/1.3.0
- version/sun java runtime environment (jre)/1.3.0-update1
- version/sun java runtime environment (jre)/1.3.0-update2
- version/sun java runtime environment (jre)/1.3.0-update3
- version/sun java runtime environment (jre)/1.3.0-update4
- version/sun java runtime environment (jre)/1.3.0-update5
- version/sun java runtime environment (jre)/1.3.1
- version/sun java runtime environment (jre)/1.3.1-update1
- version/sun java runtime environment (jre)/1.3.1-update15
- version/sun java runtime environment (jre)/1.3.1-update1a
- version/sun java runtime environment (jre)/1.3.1-update4
- version/sun java runtime environment (jre)/1.3.1-update8
- version/sun java runtime environment (jre)/1.4.1
- version/sun java runtime environment (jre)/1.4.2
- version/sun java runtime environment (jre)/1.4.2_1
- version/sun java runtime environment (jre)/1.4.2_2
- version/sun java runtime environment (jre)/1.4.2_3
- version/sun java runtime environment (jre)/1.4.2_4
- version/sun java runtime environment (jre)/1.4.2_5
- version/sun java runtime environment (jre)/1.4.2_6
- version/sun java runtime environment (jre)/1.4.2_7
- version/sun java runtime environment (jre)/1.4.2_8
- version/sun java runtime environment (jre)/1.5.0
- version/sun java runtime environment (jre)/1.5.0-update1
- version/sun java runtime environment (jre)/1.5.0-update2
- version/sun java runtime environment (jre)/1.5.0-update3