J-Security Center

Title: Java Plug-In 1.4/JRE 1.3 Expired Certificate Vulnerability

Severity: HIGH

Description:

Java Plug-In is a product from Sun that allows for Java applets to be run in web browsers.

It has been reported that a vulnerability exists when Java Plug-In 1.4 is used on systems with Java Runtime Environment version 1.3 installed. Users may not be alerted by the plugin/JRE when applets have been signed with expired certificates. As a result, the user may be led to believe that the applet is valid and allow it to be run on the local computer.

It may be possible for applets to run with privileges that allow for the client host running it to be compromised. An attacker may be able to obtain an expired or invalid certificate, sign a malicious applet with it and place it on a website trusted by a victim.
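As an added illustration (not part of the advisory, and not Sun's or Juniper's code), the Go program below contrasts a verifier that checks only the signature over an applet payload, which is the behaviour described above, with one that also requires the signer certificate to be within its validity period at verification time. The certificate, the fixed key seed and the payload are constructed test data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// signWithExpiredCert signs payload under a self-signed cert that expired a day before now (constructed test data, fixed seed).
func signWithExpiredCert(payload []byte, now time.Time) (*x509.Certificate, []byte) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    now.Add(-2 * 365 * 24 * time.Hour),
		NotAfter:     now.Add(-24 * time.Hour), // already expired at `now`
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv))
	return must(x509.ParseCertificate(der)), ed25519.Sign(priv, payload)
}

// verifySignatureOnly mirrors the flawed behaviour above: the signature is checked, the signer cert's validity dates are ignored.
func verifySignatureOnly(cert *x509.Certificate, payload, sig []byte) error {
	return cert.CheckSignature(x509.PureEd25519, payload, sig)
}

// verifyStrict additionally requires the signer certificate to be valid at `now`.
func verifyStrict(cert *x509.Certificate, payload, sig []byte, now time.Time) error {
	if err := verifySignatureOnly(cert, payload, sig); err != nil {
		return err
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return x509.CertificateInvalidError{Cert: cert, Reason: x509.Expired}
	}
	return nil
}

// Demo reports whether each verifier accepts a constructed applet signed with the expired certificate.
func Demo() (sigOnlyAccepts, strictAccepts bool) {
	now, payload := time.Now(), []byte("constructed applet bytes")
	cert, sig := signWithExpiredCert(payload, now)
	return verifySignatureOnly(cert, payload, sig) == nil, verifyStrict(cert, payload, sig, now) == nil
}
```

With the expired signer, the signature-only verifier accepts the applet while the strict verifier rejects it, which is the distinction the advisory turns on.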

Note: This vulnerability is reported to affect systems with Plug-In 1.4 and JRE 1.3 installed.

The existence of this vulnerability has not yet been confirmed by the vendor.

Affected Products:

  • Sun Java 2 Runtime Environment 1.3.0.0
  • Sun Java Plug-In 1.4.0
