Vulnerability Note VU#393292

Sun Java Runtime Environment allows untrusted applets to access information within trusted applets

Original Release date: 10 Jun 2003 | Last revised: 10 Jun 2003

Overview

The Sun Java Runtime Environment (JRE) contains a vulnerability that may lead to sensitive information being leaked.

Description

Sun Microsystems describes the Sun JRE as follows:

    The Java RE provides the libraries, Java virtual machine, and other components necessary for you to run applets and applications written in the Java programming language. It does not contain tools and utilities such as compilers or debuggers for developing applets and applications.

Sun Alert 55100 indicates that a vulnerability in the Sun JRE "may allow an untrusted applet to access information from a trusted applet. This is not allowed by the Java security model. The trusted applet must contain code that exploits this vulnerability."

Impact

An attacker may be able to gain access to sensitive information.

Solution

Upgrade to the latest versions of Sun SDK and JRE, which are available from http://java.sun.com/j2se/.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Sun Microsystems Inc.Affected-10 Jun 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by RecipeXperience.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 04 Jun 2003
  • Date First Published: 10 Jun 2003
  • Date Last Updated: 10 Jun 2003
  • Severity Metric: 5.62
  • Document Revision: 14

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.