CERTA-2004-AVI-169

Vulnerability from certfr_avis - Published: - Updated:


Description

JSSE (Java Secure Socket Extension) is a Java extension that provides a Java implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols, along with encryption, integrity-checking and authentication features. JSSE was integrated into the Java 2 SDK in version 1.4.

According to Sun, a vulnerability exists in certificate validation that allows a malicious website to impersonate a trusted site during an SSL connection.

Solution

JSSE version 1.0.3_03 fixes this vulnerability:

http://java.sun.com/products/jsse/index-103.html

Affected systems: JSSE 1.0.3, 1.0.3_01 and 1.0.3_02 for the Linux, Solaris and Windows platforms.

The version of JSSE integrated into the Java 2 SDK 1.4.x is not vulnerable.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eJSSE 1.0.3, 1.0.3_01 et 1.0.3_02 pour  les plates-formes Linux, Solaris et Windows.  \u003cP\u003eLa version de JSSE int\u00e9gr\u00e9e \u00e0 JAVA 2 SDK 1.4.x n\u0027est pas  vuln\u00e9rable.\u003c/P\u003e\u003c/p\u003e",
  "content": "## Description\n\nJSSE (Java Secure Socket Extension) est une extension du langage Java\nimpl\u00e9mentant une version Java des protocoles SSL (Socket Secure Layer)\net TLS (Transport Socket Layer) ainsi que des fonctionnalit\u00e9s de\nchiffrement, de contr\u00f4le d\u0027int\u00e9grit\u00e9 et d\u0027authentification. JSSE \u00e0 \u00e9t\u00e9\nint\u00e9gr\u00e9 \u00e0 JAVA 2 SDK version 1.4.\n\n  \n\nSelon Sun, une vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans la validation des\ncertificats permettant ainsi \u00e0 un site web malicieux de se faire passer\npour un site de confiance lors d\u0027une connexion SSL.\n\n## Solution\n\nLa version 1.0.3_03 de JSSE corrige cette vuln\u00e9rabilit\u00e9 :\n\n    http://java.sun.com/products/jsse/index-103.html\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2004-AVI-169",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de Java Secure Socket Extension (JSSE)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 #57560 de Sun",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57560"
    }
  ]
}

