• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Sun JRE/SDK Clipboard Tapping Vulnerability

Severity: MODERATE

Description:

An applet running under vulnerabile version of the Sun java runtime environment has access to the system clipboard, even when this access has not been granted. In the default java security model for applets, this access should not be allowed.

This may allow a malicious applet to gain access to potentially sensitive information in the system clipboard. The applet may expose this information to a remote attacker.

Affected Products:

• Apple Macintosh Runtime for Java 2.2.4
• HP HP-UX 10.20.0
• HP HP-UX 11.0.0
• Microsoft Internet Explorer Macintosh Edition 5.0.0
• Sun JRE (Linux Production Release) 1.2.2
• Sun JRE (Linux Production Release) 1.2.2 _003
• Sun JRE (Linux Production Release) 1.2.2 _004
• Sun JRE (Linux Production Release) 1.2.2 _005
• Sun JRE (Linux Production Release) 1.2.2 _006
• Sun JRE (Linux Production Release) 1.2.2 _007
• Sun JRE (Linux Production Release) 1.3.0 .0
• Sun JRE (Linux Production Release) 1.3.0 .0_01
• Sun JRE (Linux Production Release) 1.3.0 .0_02
• Sun JRE (Solaris Production Release) 1.2.2 _07
• Sun JRE (Solaris Production Release) 1.3.0 .0_02
• Sun JRE (Solaris Reference Release) 1.2.2 _007
• Sun JRE (Windows Production Release) 1.2.2 _007
• Sun JRE (Windows Production Release) 1.3.0 .0_02
• Sun SDK (Linux Production Release) 1.2.2 _007
• Sun SDK (Linux Production Release) 1.3.0 .0_02
• Sun SDK (Solaris Production Release) 1.2.2 _07
• Sun SDK (Solaris Production Release) 1.2.2 _07a
• Sun SDK (Solaris Production Release) 1.3.0 .0_02
• Sun SDK (Solaris Reference Release) 1.2.2 _007
• Sun SDK (Windows Production Release) 1.2.2 _007
• Sun SDK (Windows Production Release) 1.3.0 .0_02
• Sun SDK 1.1.3
• Sun SDK 1.3.0.0

References:

• Apple: Apple Computer Product Security Incident Response
• Cameron McNeil: MRJ2.2.4 and Applet Security

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.