Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1516

4 documents, 4 sources
Severity: 6.8 MEDIUM
EPSS: 3.1% (top 13.18%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Dec 31
Latest update: Apr 29

Description

The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: sun/java_plug-in 1.4.2_01

🔴 Vulnerability Details (2)

GHSA: GHSA-jff6-hgp5-xgj5: The org (2022-04-29)
CVEList: CVE-2003-1516: The org (2007-10-25)

💥 Exploits & PoCs (1)

Exploit-DB: Sun Java Plugin 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation (2003-10-20)