Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1123 — JDK vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

8.6%

top 7.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN JDK SUN JRE

Timeline

PublishedDec 31

Latest updateApr 29

Description

Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/jdk13 versions+12

▶NVDsun/jre9 versions+8

Patches

Patch: sunsolve.sun.com ↗Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wm8w-8q3h-xpmg: Sun Java Runtime Environment (JRE) and SDK 1↗2022-04-29

▶

CVEList

CVE-2003-1123: Sun Java Runtime Environment (JRE) and SDK 1↗2005-03-12

▶

💥Exploits & PoCs

Exploit-DB

Sun JRE/SDK 1.x - Untrusted Applet Java Security Model Violation↗2003-06-05

▶