ID |
CVE-2001-1008
|
Summary |
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 05-09-2008 - 20:25) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 3245 | bugtraq | 20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates. | xf | javaplugin-jre-expired-certificate(7048) |
|
Last major update |
05-09-2008 - 20:25 |
Published |
31-08-2001 - 04:00 |
Last modified |
05-09-2008 - 20:25 |