CVE-2004-2393

3 documents3 sources

Severity

7.5HIGH

EPSS

0.9%

top 24.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Jsse

Timeline

PublishedDec 31

Latest updateApr 29

Description

Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsun/jsse1.0.3, 1.0.3_01, 1.0.3_02+2

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-fh9j-p9p3-qmcg: Java Secure Socket Extension (JSSE) 1↗2022-04-29

▶

CVEList

CVE-2004-2393: Java Secure Socket Extension (JSSE) 1↗2005-08-17

▶