Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0896: JRE vulnerability

4 documents, 4 sources
Severity
7.5 HIGH (NVD)
EPSS
26.2%
top 3.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Nov 17
Latest update: Apr 29

Description

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: sun/jre 1.4.1

🔴 Vulnerability Details (2)

GHSA (2022-04-29): GHSA-r86f-hgf6-34j6: The loadClass method of the sun
CVEList (2003-10-25): CVE-2003-0896: The loadClass method of the sun

💥 Exploits & PoCs (1)

Exploit-DB (2003-10-22): Sun Java Virtual Machine 1.x - Slash Path Security Model Circumvention
CVE-2003-0896 — SUN JRE vulnerability | cvebase