var-200503-0071
Vulnerability from variot

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. various Oracle Multiple vulnerabilities exist in the product and its components.Although it depends on the target product, a third party can execute any command or code remotely, leak information in the database, disrupt service operation ( Denial-of-Service,DoS ) Attacks could be made. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite, and Oracle Express Server are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for July 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. The first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet. This issue occurs only in Internet Explorer running on Windows. The second issue allows an untrusted applet to interfere with another applet embedded in the same web page. This issue occurs in Java running on Windows, Solaris, and Linux. A remote attacker can use this vulnerability to bypass the Java\'\'sandbox\'\' and all restrictions to access restricted resources and systems.

I. The Critical Patch Update provides information about which components are affected, what access and authorization are required, and how data confidentiality, integrity, and availability may be impacted. Public reports describe vulnerabilities related to insecure password and temporary file handling and SQL injection.

US-CERT strongly recommends that sites running Oracle review the Critical Patch Update, apply patches, and take other mitigating action as appropriate.

Oracle HTTP Server is based on the Apache HTTP Server. Some Oracle products include Java components from Sun Microsystems.

US-CERT is tracking all of these issues under VU#613562. As further information becomes available, we will publish individual Vulnerability Notes. Impact

The impacts of these vulnerabilities vary depending on product or component and configuration. An attacker who compromises an Oracle database may be able to gain access to sensitive information. E-Business Suite patches are not cumulative, so E-Business Suite customers should refer to previous Critical Patch Updates to identify previous fixes they wish to apply. Oracle Collaboration Suite patches are not cumulative, so Oracle Collaboration Suite customers should refer to previous Critical Patch Updates to identify previous fixes they wish to apply.

Workarounds

It may be possible to mitigate some vulnerabilities by disabling or removing unnecessary components, restricting network access, and restricting access to temporary files.

Appendix A.

Appendix B. References

 * Critical Patch Update - July 2005-
   <http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.h
   tml>

 * Critical Patch Updates and Security Alerts -
   <http://www.oracle.com/technology/deploy/security/alerts.htm>

 * Map of Public Vulnerability to Advisory/Alert -
   <http://www.oracle.com/technology/deploy/security/pdf/public_vuln_
   to_advisory_mapping.html>

 * US-CERT Vulnerability Note VU#613562 -
   <http://www.kb.cert.org/vuls/id/613562>

 * Oracle JDeveloper passes Plaintext Password -
   <http://www.red-database-security.com/advisory/oracle_jdeveloper_p
   asses_plaintext_password.html>

 * Oracle JDeveloper Plaintext Passwords -
   <http://www.red-database-security.com/advisory/oracle_jdeveloper_p
   laintext_password.html>

 * Oracle Forms Builder Password in Temp Files -
   <http://www.red-database-security.com/advisory/oracle_formsbuilder
   _temp_file_issue.html>

 * Oracle Forms Insecure Temporary File Handling -
   <http://www.red-database-security.com/advisory/oracle_forms_unsecu
   re_temp_file_handling.html>

 * Multiple High Risk Vulnerabilities in Oracle E-Business Suite 11i
   - <http://www.integrigy.com/alerts/OraCPU0705.htm>

Information used in this document came from Red-Database-Security and Oracle. Oracle credits Qualys Inc., Application Security, Inc., Red Database Security GmbH, Integrigy, NGS Software, nCircle Network Security, and Rigel Kent Security.


Feedback can be directed to US-CERT Technical Staff.

Please send mail to cert@cert.org with the subject:

"TA05-194A Feedback VU#613562"


This document is available at

http://www.us-cert.gov/cas/techalerts/TA05-194A.html


Produced 2005 by US-CERT, a government organization.


Terms of use:

http://www.us-cert.gov/legal.html


Revision History

July 13, 2005: Initial release

Last updated July 13, 2005

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQtV4cxhoSezw4YfQAQLYkgf+I48YLEeutCHbzFWvz77pu+m4hs6Gltzf Nd6nhkzdfsU6arAqb1hXG5p7GEJ1adJB8Nz+df12MKxMVJAWfW6xjlEhlsHnuVJM hLThHyI166U34qbQt0SWKwlg1aKonAuP3p6XY16LCm7Vbq9G1HQgDGpK02LHbf/8 rWs2bUNqhPy7iz6wRwrF0w7CxJxI6+m6nfVnASwVknDCClz0bRyyw5oT6GUTeXOa X+DlnbMj7BLv08gJve/f5pSf7dQIZObHo6jBEV0/99ZW9P6h4dYAtLznOUYAd+5Q 8aIzfiK5RVe5uUFJsuTu+4dTV1lXfTF5eKEWNu5PWQHNT1NTXWIfCA== =HYcV -----END PGP SIGNATURE----- . BACKGROUND

Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition (JRE), establishes a connection between popular browsers and the Java platform. This connection enables applets on Web sites to be run within a browser on the desktop.

II.

A number of private Java packages exist within the Java Virtual Machine (VM) and are used internally by the VM. Security restrictions prevent Applets from accessing these packages. Any attempt to access these packages, results in a thrown exception of 'AccessControlException', unless the Applet is signed and the user has chosen to trust the issuer.

III. ANALYSIS

Successful exploitation allows remote attackers to execute hostile Applets that can access, download, upload or execute arbitrary files as well as access the network. A target user must be running a browser on top of a vulnerable Java Virtual Machine to be affected. It is possible for an attacker to create a cross-platform, cross-browser exploit for this vulnerability. Once compromised, an attacker can execute arbitrary code under the privileges of the user who instantiated the vulnerable browser.

IV. DETECTION

iDEFENSE has confirmed the existence of this vulnerability in Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun Microsystems. Various browsers such as Internet Explorer, Mozilla and Firefox on both Windows and Unix platforms can be exploited if they are running a vulnerable Java Virtual Machine.

V. Other Java Virtual Machines, such as the Microsoft VM, are available and can be used as an alternative.

VI. VENDOR RESPONSE

This issue has been fixed in J2SE v 1.4.2_06 available at:

  [15]http://java.sun.com/j2se/1.4.2/download.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1029 to this issue. This is a candidate for inclusion in the CVE list ([16]http://cve.mitre.org), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

06/29/2004 Initial vendor notification 06/30/2004 Initial vendor response 08/16/2004 iDEFENSE clients notified 11/22/2004 Public disclosure

IX. CREDIT

Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery.

Get paid for vulnerability research [17]http://www.idefense.com/poi/teams/vcp.jsp

X. LEGAL NOTICES

Copyright \xa9 2004 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [18]customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200503-0071",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jre",
        "scope": "eq",
        "trust": 3.4,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 2.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 2.8,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk .0 03",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 09",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk 07",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 08",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 06",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk .0 4",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "sdk 05",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk .0 02",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jre 05",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 02",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "sdk 03",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "1.4.0_01"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "1.3.1_07"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "1.3.1_09"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "enterprise firewall",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sun",
        "version": "1.3.0"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "java sdk-rte",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "java sdk-rte",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "gateway security 5400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2.0"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_04"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.0_02"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.0_02"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_06"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_06"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "conectiva",
        "version": "10.0"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "11.23"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.2_03"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_01"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_03"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_03"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.1_02"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.1_02"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gentoo",
        "version": "*"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.0_4"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.1_03"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_01a"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.2_05"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.2_04"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_07"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.2_02"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.1_07"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "11.00"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.2_01"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "11.22"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_05"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_05"
      },
      {
        "model": "gateway security 5400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2.0.1"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.0_04"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.0_03"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.0_03"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_02"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.3.1_02"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.0_01"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.1_01"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "1.4.1_01"
      },
      {
        "model": "jre .0 02",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 06",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "jre 01a",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre .0 05",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 11",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 09",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 08",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 10",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 12",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "jre 14",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "sdk 13",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "notes",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.5.6"
      },
      {
        "model": "notes",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "jre",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1.3.1_12"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1.4.1"
      },
      {
        "model": "jre",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1.4.2_05"
      },
      {
        "model": "sdk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1.3.1_12"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1.4.1"
      },
      {
        "model": "sdk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1.4.2_05"
      },
      {
        "model": "enterprise firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "v8.0"
      },
      {
        "model": "gateway security 5400 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "v2.0"
      },
      {
        "model": "gateway security 5400 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "v2.0.1"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.00"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.22"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10g"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10g"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11i"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10g"
      },
      {
        "model": "jinitiator",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "sdk 01a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "jre .0 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "enterprise manager database control 10g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "enterprise manager database control 10g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "jinitiator",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1.3.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "sdk 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "sdk .0 01",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "enterprise manager application server control",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "8.0.6.3"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "sdk 04",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3.1"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "workflow",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "11.5.9.5"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "jre",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jinitiator",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1.1.8"
      },
      {
        "model": "enterprise manager application server control",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "workflow",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "11.5.1"
      },
      {
        "model": "jre 07",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.1"
      },
      {
        "model": "sdk 02",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "forms and reports",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "6.0.8.25"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "forms and reports",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "4.5.10.22"
      },
      {
        "model": "express server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "6.3.4.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "enterprise manager database control 10g",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "jre 06",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sun",
        "version": "1.4.2"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "java runtime environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "21.4.1"
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "java runtime environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "21.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "enterprise firewall nt/2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "http server for server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "gateway security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "54002.0.1"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "java runtime environment 05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "21.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "gateway security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "54002.0"
      },
      {
        "model": "jre .0 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "jre 04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8.1"
      },
      {
        "model": "http server for server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "http server roll up",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.22"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "jre 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "java desktop system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2003"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "http server for apps only .1s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2"
      },
      {
        "model": "enterprise firewall solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.0"
      },
      {
        "model": "jre .0 03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "java runtime environment 02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "21.3"
      },
      {
        "model": "java desktop system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2.0"
      },
      {
        "model": "http server for server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "jre 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "java runtime environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "21.3"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "java sdk/rte for hp-ux pa-risc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "java sdk/rte for hp-ux pa-risc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.3"
      },
      {
        "model": "java runtime environment 01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "21.3.1"
      },
      {
        "model": "java runtime environment 08",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "21.3.1"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.6"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.5"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.4"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.3"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.5"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "developer suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.2"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.12"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.5"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.5"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.3"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.1"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.3"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.6"
      },
      {
        "model": "lotus notes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.2"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.4"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "lotus notes fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.5"
      },
      {
        "model": "lotus notes fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.5"
      },
      {
        "model": "lotus notes fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.6"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.3"
      },
      {
        "model": "lotus notes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.5.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#760344"
      },
      {
        "db": "CERT/CC",
        "id": "VU#613562"
      },
      {
        "db": "BID",
        "id": "11726"
      },
      {
        "db": "BID",
        "id": "14238"
      },
      {
        "db": "BID",
        "id": "12317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000876"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200503-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1029"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:notes",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:jre",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:sdk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:enterprise_firewall",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:gateway_security_5400",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:hp-ux",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jouko Pynnonen  jouko@iki.fi",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200503-002"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-1029",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2004-1029",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2004-1029",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-9459",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2004-1029",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#760344",
            "trust": 0.8,
            "value": "17.55"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#613562",
            "trust": 0.8,
            "value": "55.60"
          },
          {
            "author": "NVD",
            "id": "CVE-2004-1029",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200503-002",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-9459",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#760344"
      },
      {
        "db": "CERT/CC",
        "id": "VU#613562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200503-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1029"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and  denial-of-service conditions. various Oracle Multiple vulnerabilities exist in the product and its components.Although it depends on the target product, a third party can execute any command or code remotely, leak information in the database, disrupt service operation ( Denial-of-Service,DoS ) Attacks could be made. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite, and Oracle Express Server are affected by multiple vulnerabilities. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. \nOracle has released a Critical Patch Update advisory for July 2005 to address these vulnerabilities.  This Critical Patch Update addresses the vulnerabilities for supported releases.  Earlier, unsupported releases are likely to be affected by the issues as well. \nThe first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet. \nThis issue occurs only in Internet Explorer running on Windows. \nThe second issue allows an untrusted applet to interfere with another applet embedded in the same web page. \nThis issue occurs in Java running on Windows, Solaris, and Linux. A remote attacker can use this vulnerability to bypass the Java\\\u0027\\\u0027sandbox\\\u0027\\\u0027 and all restrictions to access restricted resources and systems. \n\n\nI. The Critical Patch Update provides information about which\n   components are affected, what access and authorization are required,\n   and how data confidentiality, integrity, and availability may be\n   impacted. Public reports describe vulnerabilities related to insecure\n   password and temporary file handling and SQL injection. \n\n   US-CERT strongly recommends that sites running Oracle review the\n   Critical Patch Update, apply patches, and take other mitigating action\n   as appropriate. \n\n   Oracle HTTP Server is based on the Apache HTTP Server. Some Oracle\n   products include Java components from Sun Microsystems. \n\n   US-CERT is tracking all of these issues under VU#613562. As further\n   information becomes available, we will publish individual\n   Vulnerability Notes. Impact\n\n   The impacts of these vulnerabilities vary depending on product or\n   component and configuration. An attacker who compromises an Oracle database may\n   be able to gain access to sensitive information. \n     E-Business Suite patches are not cumulative, so E-Business Suite\n     customers should refer to previous Critical Patch Updates to\n     identify previous fixes they wish to apply. \n     Oracle Collaboration Suite patches are not cumulative, so Oracle\n     Collaboration Suite customers should refer to previous Critical\n     Patch Updates to identify previous fixes they wish to apply. \n\n\nWorkarounds\n\n   It may be possible to mitigate some vulnerabilities by disabling or\n   removing unnecessary components, restricting network access, and\n   restricting access to temporary files. \n\n\nAppendix A. \n\n\nAppendix B. References\n\n     * Critical Patch Update - July 2005-\n       \u003chttp://www.oracle.com/technology/deploy/security/pdf/cpujul2005.h\n       tml\u003e\n\n     * Critical Patch Updates and Security Alerts -\n       \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n     * Map of Public Vulnerability to Advisory/Alert -\n       \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_\n       to_advisory_mapping.html\u003e\n\n     * US-CERT Vulnerability Note VU#613562 -\n       \u003chttp://www.kb.cert.org/vuls/id/613562\u003e\n\n     * Oracle JDeveloper passes Plaintext Password -\n       \u003chttp://www.red-database-security.com/advisory/oracle_jdeveloper_p\n       asses_plaintext_password.html\u003e\n\n     * Oracle JDeveloper Plaintext Passwords -\n       \u003chttp://www.red-database-security.com/advisory/oracle_jdeveloper_p\n       laintext_password.html\u003e\n\n     * Oracle Forms Builder Password in Temp Files -\n       \u003chttp://www.red-database-security.com/advisory/oracle_formsbuilder\n       _temp_file_issue.html\u003e\n\n     * Oracle Forms Insecure Temporary File Handling -\n       \u003chttp://www.red-database-security.com/advisory/oracle_forms_unsecu\n       re_temp_file_handling.html\u003e\n\n     * Multiple High Risk Vulnerabilities in Oracle E-Business Suite 11i\n       - \u003chttp://www.integrigy.com/alerts/OraCPU0705.htm\u003e\n\n   _________________________________________________________________\n\n   Information used in this document came from Red-Database-Security and\n   Oracle. Oracle credits Qualys Inc., Application Security, Inc., Red\n   Database Security GmbH, Integrigy, NGS Software, nCircle Network\n   Security, and Rigel Kent Security. \n   _________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. \n\n   Please send mail to cert@cert.org with the subject:\n\n   \"TA05-194A Feedback VU#613562\"\n   _________________________________________________________________\n\n   This document is available at\n\n   \u003chttp://www.us-cert.gov/cas/techalerts/TA05-194A.html\u003e\n   _________________________________________________________________\n\n   Produced 2005 by US-CERT, a government organization. \n   _________________________________________________________________\n\n   Terms of use:\n\n   \u003chttp://www.us-cert.gov/legal.html\u003e\n   _________________________________________________________________\n\n   Revision History\n\n   July 13, 2005: Initial release\n   \n   Last updated July 13, 2005 \n\n   \n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQtV4cxhoSezw4YfQAQLYkgf+I48YLEeutCHbzFWvz77pu+m4hs6Gltzf\nNd6nhkzdfsU6arAqb1hXG5p7GEJ1adJB8Nz+df12MKxMVJAWfW6xjlEhlsHnuVJM\nhLThHyI166U34qbQt0SWKwlg1aKonAuP3p6XY16LCm7Vbq9G1HQgDGpK02LHbf/8\nrWs2bUNqhPy7iz6wRwrF0w7CxJxI6+m6nfVnASwVknDCClz0bRyyw5oT6GUTeXOa\nX+DlnbMj7BLv08gJve/f5pSf7dQIZObHo6jBEV0/99ZW9P6h4dYAtLznOUYAd+5Q\n8aIzfiK5RVe5uUFJsuTu+4dTV1lXfTF5eKEWNu5PWQHNT1NTXWIfCA==\n=HYcV\n-----END PGP SIGNATURE-----\n. BACKGROUND\n\n   Java Plug-in technology, included as part of the Java 2 Runtime\n   Environment, Standard Edition (JRE), establishes a connection between\n   popular browsers and the Java platform. This connection enables\n   applets\n   on Web sites to be run within a browser on the desktop. \n\n   II. \n\n   A number of private Java packages exist within the Java Virtual\n   Machine\n   (VM) and are used internally by the VM. Security restrictions prevent\n   Applets from accessing these packages. Any attempt to access these\n   packages, results in a thrown exception of \u0027AccessControlException\u0027,\n   unless the Applet is signed and the user has chosen to trust the\n   issuer. \n\n   III. ANALYSIS\n\n   Successful exploitation allows remote attackers to execute hostile\n   Applets that can access, download, upload or execute arbitrary files\n   as\n   well as access the network. A target user must be running a browser on\n   top of a vulnerable Java Virtual Machine to be affected. It is\n   possible\n   for an attacker to create a cross-platform, cross-browser exploit for\n   this vulnerability. Once compromised, an attacker can execute\n   arbitrary\n   code under the privileges of the user who instantiated the vulnerable\n   browser. \n\n   IV. DETECTION\n\n   iDEFENSE has confirmed the existence of this vulnerability in Java 2\n   Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun\n   Microsystems. Various browsers such as Internet Explorer, Mozilla and Firefox\n   on\n   both Windows and Unix platforms can be exploited if they are running a\n   vulnerable Java Virtual Machine. \n\n   V. \n   Other Java Virtual Machines, such as the Microsoft VM, are available\n   and\n   can be used as an alternative. \n\n   VI. VENDOR RESPONSE\n\n   This issue has been fixed in J2SE v 1.4.2_06 available at:\n\n      [15]http://java.sun.com/j2se/1.4.2/download.html\n\n   VII. CVE INFORMATION\n\n   The Common Vulnerabilities and Exposures (CVE) project has assigned\n   the\n   name CAN-2004-1029 to this issue. This is a candidate for inclusion in\n   the CVE list ([16]http://cve.mitre.org), which standardizes names for\n   security problems. \n\n   VIII. DISCLOSURE TIMELINE\n\n   06/29/2004   Initial vendor notification\n   06/30/2004   Initial vendor response\n   08/16/2004   iDEFENSE clients notified\n   11/22/2004   Public disclosure\n\n   IX. CREDIT\n\n   Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery. \n\n   Get paid for vulnerability research\n   [17]http://www.idefense.com/poi/teams/vcp.jsp\n\n   X. LEGAL NOTICES\n\n   Copyright \\xa9 2004 iDEFENSE, Inc. \n\n   Permission is granted for the redistribution of this alert\n   electronically. It may not be edited in any way without the express\n   written consent of iDEFENSE. If you wish to reprint the whole or any\n   part of this alert in any other medium other than electronically,\n   please\n   email [18]customerservice@idefense.com for permission. \n\n   Disclaimer: The information in the advisory is believed to be accurate\n   at the time of publishing based on currently available information. \n   Use\n   of the information constitutes acceptance for use in an AS IS\n   condition. \n   There are no warranties with regard to this information. Neither the\n   author nor the publisher accepts any liability for any direct,\n   indirect,\n   or consequential loss or damage arising from use of, or reliance on,\n   this information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1029"
      },
      {
        "db": "CERT/CC",
        "id": "VU#760344"
      },
      {
        "db": "CERT/CC",
        "id": "VU#613562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000876"
      },
      {
        "db": "BID",
        "id": "11726"
      },
      {
        "db": "BID",
        "id": "14238"
      },
      {
        "db": "BID",
        "id": "12317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9459"
      },
      {
        "db": "PACKETSTORM",
        "id": "38687"
      },
      {
        "db": "PACKETSTORM",
        "id": "35118"
      }
    ],
    "trust": 4.86
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-9459",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9459"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2004-1029",
        "trust": 3.5
      },
      {
        "db": "SECUNIA",
        "id": "13271",
        "trust": 3.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#760344",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "12317",
        "trust": 2.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#613562",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0599",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "29035",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "61",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "18188",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "11726",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "14238",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA05-194A",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "14279",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000876",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200503-002",
        "trust": 0.7
      },
      {
        "db": "SUNALERT",
        "id": "101523",
        "trust": 0.6
      },
      {
        "db": "SUNALERT",
        "id": "57591",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:5674",
        "trust": 0.6
      },
      {
        "db": "IDEFENSE",
        "id": "20041122 SUN JAVA PLUGIN ARBITRARY PACKAGE ACCESS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2005-02-22",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "35118",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "24763",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-78455",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-9459",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "38687",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#760344"
      },
      {
        "db": "CERT/CC",
        "id": "VU#613562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9459"
      },
      {
        "db": "BID",
        "id": "11726"
      },
      {
        "db": "BID",
        "id": "14238"
      },
      {
        "db": "BID",
        "id": "12317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000876"
      },
      {
        "db": "PACKETSTORM",
        "id": "38687"
      },
      {
        "db": "PACKETSTORM",
        "id": "35118"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200503-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1029"
      }
    ]
  },
  "id": "VAR-200503-0071",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9459"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-29T21:56:56.974000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBUX01214",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c00897307"
      },
      {
        "title": "HPSBUX01100",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c00899041"
      },
      {
        "title": "HPSBUX01214",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01214.html"
      },
      {
        "title": "HPSBUX01100",
        "trust": 0.8,
        "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01100.html"
      },
      {
        "title": "1257249",
        "trust": 0.8,
        "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257249"
      },
      {
        "title": "j2sdk",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=45#update_content"
      },
      {
        "title": "jdksetup",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=22#update_content"
      },
      {
        "title": "201660",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201660-1"
      },
      {
        "title": "SYM05-001",
        "trust": 0.8,
        "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.01.04.html"
      },
      {
        "title": "SYM05-001",
        "trust": 0.8,
        "url": "http://www.symantec.com/region/jp/avcenter/security/content/2005.01.04.html"
      },
      {
        "title": "Critical Patch Update - July 2005",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
      },
      {
        "title": "Critical Patch Updates and Security Alerts ",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm"
      },
      {
        "title": "Map of Public Vulnerability to Advisory/Alert",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html"
      },
      {
        "title": "Critical Patch Update - July 2005",
        "trust": 0.8,
        "url": "http://otn.oracle.co.jp/security/050715_71/top.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000876"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1029"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://jouko.iki.fi/adv/javaplugin.html"
      },
      {
        "trust": 2.5,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/760344"
      },
      {
        "trust": 2.2,
        "url": "http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities"
      },
      {
        "trust": 2.0,
        "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257249"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2005/feb/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/12317"
      },
      {
        "trust": 1.7,
        "url": "http://rpmfind.net/linux/rpm/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/13271"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/29035"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/61"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/13271/"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/18188"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5674"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0599"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18188"
      },
      {
        "trust": 0.8,
        "url": "http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities\u0026flashstatus=false"
      },
      {
        "trust": 0.8,
        "url": "http://java.sun.com/products/plugin/index.jsp"
      },
      {
        "trust": 0.8,
        "url": "http://java.sun.com/j2se/desktopjava/jre/index.jsp"
      },
      {
        "trust": 0.8,
        "url": "http://java.sun.com/docs/books/tutorial/essential/system/securityintro.html"
      },
      {
        "trust": 0.8,
        "url": "http://java.sun.com/j2se/1.5.0/docs/api/java/security/accesscontrolexception.html"
      },
      {
        "trust": 0.8,
        "url": "http://java.sun.com/docs/books/tutorial/reflect/"
      },
      {
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm "
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1029"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1029"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/11726"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2005/1074"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vn/jvnta05-194a"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/14279"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/14238"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta05-194a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/613562"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0599"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5674"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://java.sun.com/products/plugin/versions.html#answers"
      },
      {
        "trust": 0.3,
        "url": "http://java.sun.com"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101799-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57741-1"
      },
      {
        "trust": 0.3,
        "url": "http://securityresponse.symantec.com/avcenter/security/content/2005.01.04.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/381940"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/382281"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/382072"
      },
      {
        "trust": 0.3,
        "url": "http://www.integrigy.com/analysis.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/406293"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/404966"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57708-1"
      },
      {
        "trust": 0.1,
        "url": "http://www.idefense.com/application/poi/display?id=158\u0026amp;type=vulnerabilities"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.red-database-security.com/advisory/oracle_jdeveloper_p"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/613562\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.h"
      },
      {
        "trust": 0.1,
        "url": "http://www.red-database-security.com/advisory/oracle_formsbuilder"
      },
      {
        "trust": 0.1,
        "url": "http://www.integrigy.com/alerts/oracpu0705.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta05-194a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.red-database-security.com/advisory/oracle_forms_unsecu"
      },
      {
        "trust": 0.1,
        "url": "http://www.idefense.com/poi/teams/vcp.jsp"
      },
      {
        "trust": 0.1,
        "url": "http://java.sun.com/j2se/1.4.2/download.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-1029"
      },
      {
        "trust": 0.1,
        "url": "http://java.sun.com/products/plugin/."
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org),"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#760344"
      },
      {
        "db": "CERT/CC",
        "id": "VU#613562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9459"
      },
      {
        "db": "BID",
        "id": "11726"
      },
      {
        "db": "BID",
        "id": "14238"
      },
      {
        "db": "BID",
        "id": "12317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000876"
      },
      {
        "db": "PACKETSTORM",
        "id": "38687"
      },
      {
        "db": "PACKETSTORM",
        "id": "35118"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200503-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1029"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#760344"
      },
      {
        "db": "CERT/CC",
        "id": "VU#613562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9459"
      },
      {
        "db": "BID",
        "id": "11726"
      },
      {
        "db": "BID",
        "id": "14238"
      },
      {
        "db": "BID",
        "id": "12317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2005-000876"
      },
      {
        "db": "PACKETSTORM",
        "id": "38687"
      },
      {
        "db": "PACKETSTORM",
        "id": "35118"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200503-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1029"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-11-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#760344"
      },
      {
        "date": "2005-07-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#613562"
      },
      {
        "date": "2005-03-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9459"
      },
      {
        "date": "2004-11-22T00:00:00",
        "db": "BID",
        "id": "11726"
      },
      {
        "date": "2005-07-12T00:00:00",
        "db": "BID",
        "id": "14238"
      },
      {
        "date": "2005-01-20T00:00:00",
        "db": "BID",
        "id": "12317"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000876"
      },
      {
        "date": "2005-07-14T07:18:49",
        "db": "PACKETSTORM",
        "id": "38687"
      },
      {
        "date": "2004-11-24T07:03:46",
        "db": "PACKETSTORM",
        "id": "35118"
      },
      {
        "date": "2004-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200503-002"
      },
      {
        "date": "2005-03-01T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-1029"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-11-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#760344"
      },
      {
        "date": "2005-10-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#613562"
      },
      {
        "date": "2017-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9459"
      },
      {
        "date": "2009-07-12T08:06:00",
        "db": "BID",
        "id": "11726"
      },
      {
        "date": "2009-07-12T16:06:00",
        "db": "BID",
        "id": "14238"
      },
      {
        "date": "2008-04-07T16:18:00",
        "db": "BID",
        "id": "12317"
      },
      {
        "date": "2008-03-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000497"
      },
      {
        "date": "2009-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2005-000876"
      },
      {
        "date": "2009-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200503-002"
      },
      {
        "date": "2017-10-11T01:29:40.293000",
        "db": "NVD",
        "id": "CVE-2004-1029"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "11726"
      },
      {
        "db": "BID",
        "id": "14238"
      },
      {
        "db": "BID",
        "id": "12317"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sun Java Plug-in fails to restrict access to private Java packages",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#760344"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "11726"
      },
      {
        "db": "BID",
        "id": "12317"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.