Java Plug-In JRE fails to notify when running applets with expired certificates
| javaplugin-jre-expired-certificate (7048) |  High Risk |
Description:
Sun Microsystems Java Plug-In could allow a remote attacker to execute malicious applets on a victim¿s computer, caused by the failure to notify the user once applets have been signed with expired certificates. A remote attacker can use this vulnerability to cause malicious applets to be executed on a victim¿s computer since the applet appears to be signed with a valid certificate.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Fri Aug 24 2001 - 17:58:58 CDT: Java Plugin 1.4 with JRE 1.3 -> Ignores certificates..
- BID-3245: Java Plug-In 1.4/JRE 1.3 Expired Certificate Vulnerability
- CVE-2001-1008: Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
Platforms Affected:
- Sun Java Plug-In 1.4
- Sun JRE 1.3.0
Reported:
Aug 24, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net