Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:JAVA:SANDBOX-BYPASS

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Sun JAVA Plug-in Sandbox Security Bypass

Release Date

 2004/12/01

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Sun JAVA Plug-in Sandbox Security Bypass


This signature detects attempts to exploit a known vulnerability against the Sun Java Virtual Machine. Attackers can attempt to bypass the Sandbox Security model and access normally restricted information or install and execute programs on the target computer.

Extended Description

A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. ** UPDATE: It is reported that the various methods of invoking Java applets can be abused to specify which version of a plug-in will be used to run an applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). It is not known to what degree the Sun Java Runtime Environment Java Plug-in JavaScript Security Restriction Bypass Vulnerability is affected by this security weakness, though a number of other known vulnerabilities could be affected.

Affected Products

  • Apple Mac OS X 10.3.4
  • Apple Mac OS X 10.3.5
  • Apple Mac OS X 10.3.6
  • Apple Mac OS X 10.3.7
  • Apple Mac OS X 10.3.8
  • Apple Mac OS X Server 10.3.4
  • Apple Mac OS X Server 10.3.5
  • Apple Mac OS X Server 10.3.6
  • Apple Mac OS X Server 10.3.7
  • Apple Mac OS X Server 10.3.8
  • Conectiva Linux 10.0.0
  • Gentoo Linux
  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.22
  • HP HP-UX B.11.23
  • HP Java SDK/RTE for HP-UX PA-RISC 1.3.0
  • HP Java SDK/RTE for HP-UX PA-RISC 1.4.0
  • Oracle Enterprise Manager Application Server Control 9.0.4 .0
  • Oracle Enterprise Manager Application Server Control 9.0.4 .1
  • Oracle Enterprise Manager Database Control 10g 10.1.0 .0.2
  • Oracle Enterprise Manager Database Control 10g 10.1.0 .0.3
  • Oracle Enterprise Manager Database Control 10g 10.1.0 .0.4
  • Oracle Enterprise Manager Grid Control 10g 10.1.0 .0.2
  • Oracle Enterprise Manager Grid Control 10g 10.1.0 .3
  • Oracle Express Server 6.3.4 .0
  • Oracle Forms And Reports 4.5.10 .22
  • Oracle Forms And Reports 6.0.8 .25
  • Oracle HTTP Server for Server 8.1.7
  • Oracle HTTP Server for Server 9.0.1
  • Oracle HTTP Server for Server 9.2
  • Oracle JInitiator 1.1.8
  • Oracle JInitiator 1.3.1
  • Oracle Oracle10g Application Server 9.0.4 .0
  • Oracle Oracle10g Application Server 9.0.4 .1
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.3
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.4
  • Oracle Oracle10g Personal Edition 10.1.0 .0.2
  • Oracle Oracle10g Personal Edition 10.1.0 .0.3
  • Oracle Oracle10g Personal Edition 10.1.0 .0.4
  • Oracle Oracle10g Standard Edition 10.1.0 .0.2
  • Oracle Oracle10g Standard Edition 10.1.0 .0.3
  • Oracle Oracle10g Standard Edition 10.1.0 .0.4
  • Oracle Oracle8 8.0.6
  • Oracle Oracle8 8.0.6 .3
  • Oracle Oracle8i Enterprise Edition 8.1.7.4.0
  • Oracle Oracle8i Standard Edition 8.1.7 .4
  • Oracle Oracle9i Application Server 1.0.2 .2
  • Oracle Oracle9i Application Server 9.0.2 .3
  • Oracle Oracle9i Application Server 9.0.3 .1
  • Oracle Oracle9i Enterprise Edition 9.0.1 .4
  • Oracle Oracle9i Enterprise Edition 9.0.1 .5
  • Oracle Oracle9i Enterprise Edition 9.2.0 .0.5
  • Oracle Oracle9i Enterprise Edition 9.2.0.6.0
  • Oracle Oracle9i Personal Edition 9.0.1 .4
  • Oracle Oracle9i Personal Edition 9.0.1 .5
  • Oracle Oracle9i Personal Edition 9.2.0 .0.5
  • Oracle Oracle9i Personal Edition 9.2.0 .6
  • Oracle Oracle9i Standard Edition 9.0.1 .4
  • Oracle Oracle9i Standard Edition 9.0.1 .5
  • Oracle Oracle9i Standard Edition 9.2.0 .0.5
  • Oracle Oracle9i Standard Edition 9.2.0 .6
  • Oracle Oracle HTTP Server 1.0.2 .0
  • Oracle Oracle HTTP Server 1.0.2 .1
  • Oracle Oracle HTTP Server 1.0.2 .2
  • Oracle Oracle HTTP Server 1.0.2 .2 Roll up 2
  • Oracle Oracle HTTP Server 8.1.7
  • Oracle Oracle HTTP Server 9.0.1
  • Oracle Oracle HTTP Server 9.0.2
  • Oracle Oracle HTTP Server 9.0.2 .3
  • Oracle Oracle HTTP Server 9.0.3 .1
  • Oracle Oracle HTTP Server 9.1.0
  • Oracle Oracle HTTP Server 9.2.0 .0
  • Oracle Oracle HTTP Server for Apps only 1.0.2 .1s
  • Oracle Workflow 11.5.1
  • Oracle Workflow 11.5.9 .5
  • Sun Java Desktop System (JDS) 2.0.0
  • Sun Java Desktop System (JDS) 2003
  • Sun JRE (Linux Production Release) 1.3.0 .0
  • Sun JRE (Linux Production Release) 1.3.0 .0 01
  • Sun JRE (Linux Production Release) 1.3.0 .0 02
  • Sun JRE (Linux Production Release) 1.3.0 .0 03
  • Sun JRE (Linux Production Release) 1.3.0 .0 04
  • Sun JRE (Linux Production Release) 1.3.0 .0 05
  • Sun JRE (Linux Production Release) 1.3.1
  • Sun JRE (Linux Production Release) 1.3.1 01
  • Sun JRE (Linux Production Release) 1.3.1 01A
  • Sun JRE (Linux Production Release) 1.3.1 02
  • Sun JRE (Linux Production Release) 1.3.1 03
  • Sun JRE (Linux Production Release) 1.3.1 04
  • Sun JRE (Linux Production Release) 1.3.1 05
  • Sun JRE (Linux Production Release) 1.3.1 06
  • Sun JRE (Linux Production Release) 1.3.1 07
  • Sun JRE (Linux Production Release) 1.3.1 08
  • Sun JRE (Linux Production Release) 1.3.1 09
  • Sun JRE (Linux Production Release) 1.4.0
  • Sun JRE (Linux Production Release) 1.4.0 .0 02
  • Sun JRE (Linux Production Release) 1.4.0 .0 03
  • Sun JRE (Linux Production Release) 1.4.0 .0 04
  • Sun JRE (Linux Production Release) 1.4.1
  • Sun JRE (Linux Production Release) 1.4.1 01
  • Sun JRE (Linux Production Release) 1.4.1 02
  • Sun JRE (Linux Production Release) 1.4.1 03
  • Sun JRE (Linux Production Release) 1.4.2
  • Sun JRE (Linux Production Release) 1.4.2 01
  • Sun JRE (Linux Production Release) 1.4.2 02
  • Sun JRE (Linux Production Release) 1.4.2 03
  • Sun JRE (Linux Production Release) 1.4.2 04
  • Sun JRE (Linux Production Release) 1.4.2 05
  • Sun JRE (Solaris Production Release) 1.3.0
  • Sun JRE (Solaris Production Release) 1.3.0 .0 02
  • Sun JRE (Solaris Production Release) 1.3.0 .0 05
  • Sun JRE (Solaris Production Release) 1.3.0 01
  • Sun JRE (Solaris Production Release) 1.3.0 03
  • Sun JRE (Solaris Production Release) 1.3.0 04
  • Sun JRE (Solaris Production Release) 1.3.1
  • Sun JRE (Solaris Production Release) 1.3.1 01
  • Sun JRE (Solaris Production Release) 1.3.1 02
  • Sun JRE (Solaris Production Release) 1.3.1 03
  • Sun JRE (Solaris Production Release) 1.3.1 04
  • Sun JRE (Solaris Production Release) 1.3.1 05
  • Sun JRE (Solaris Production Release) 1.3.1 06
  • Sun JRE (Solaris Production Release) 1.3.1 07
  • Sun JRE (Solaris Production Release) 1.3.1 08
  • Sun JRE (Solaris Production Release) 1.3.1 09
  • Sun JRE (Solaris Production Release) 1.4.0
  • Sun JRE (Solaris Production Release) 1.4.0 .0 01
  • Sun JRE (Solaris Production Release) 1.4.0 .0 02
  • Sun JRE (Solaris Production Release) 1.4.0 .0 03
  • Sun JRE (Solaris Production Release) 1.4.0 .0 04
  • Sun JRE (Solaris Production Release) 1.4.1
  • Sun JRE (Solaris Production Release) 1.4.1 01
  • Sun JRE (Solaris Production Release) 1.4.1 02
  • Sun JRE (Solaris Production Release) 1.4.1 03
  • Sun JRE (Solaris Production Release) 1.4.2
  • Sun JRE (Solaris Production Release) 1.4.2 01
  • Sun JRE (Solaris Production Release) 1.4.2 02
  • Sun JRE (Solaris Production Release) 1.4.2 03
  • Sun JRE (Solaris Production Release) 1.4.2 04
  • Sun JRE (Solaris Production Release) 1.4.2 05
  • Sun JRE (Windows Production Release) 1.3.0
  • Sun JRE (Windows Production Release) 1.3.0 .0 02
  • Sun JRE (Windows Production Release) 1.3.0 .0 04
  • Sun JRE (Windows Production Release) 1.3.0 .0 05
  • Sun JRE (Windows Production Release) 1.3.1 01
  • Sun JRE (Windows Production Release) 1.3.1 01A
  • Sun JRE (Windows Production Release) 1.3.1 02
  • Sun JRE (Windows Production Release) 1.3.1 03
  • Sun JRE (Windows Production Release) 1.3.1 04
  • Sun JRE (Windows Production Release) 1.3.1 05
  • Sun JRE (Windows Production Release) 1.3.1 06
  • Sun JRE (Windows Production Release) 1.3.1 07
  • Sun JRE (Windows Production Release) 1.3.1 08
  • Sun JRE (Windows Production Release) 1.3.1 09
  • Sun JRE (Windows Production Release) 1.4.0
  • Sun JRE (Windows Production Release) 1.4.0 .0 01
  • Sun JRE (Windows Production Release) 1.4.0 .0 02
  • Sun JRE (Windows Production Release) 1.4.0 .0 03
  • Sun JRE (Windows Production Release) 1.4.0 .0 04
  • Sun JRE (Windows Production Release) 1.4.1
  • Sun JRE (Windows Production Release) 1.4.1 01
  • Sun JRE (Windows Production Release) 1.4.1 02
  • Sun JRE (Windows Production Release) 1.4.1 03
  • Sun JRE (Windows Production Release) 1.4.1 07
  • Sun JRE (Windows Production Release) 1.4.2
  • Sun JRE (Windows Production Release) 1.4.2 01
  • Sun JRE (Windows Production Release) 1.4.2 02
  • Sun JRE (Windows Production Release) 1.4.2 03
  • Sun JRE (Windows Production Release) 1.4.2 04
  • Sun JRE (Windows Production Release) 1.4.2 05
  • Sun SDK (Linux Production Release) 1.3.1 01
  • Sun SDK (Linux Production Release) 1.3.1 02
  • Sun SDK (Linux Production Release) 1.3.1 03
  • Sun SDK (Linux Production Release) 1.3.1 05
  • Sun SDK (Linux Production Release) 1.3.1 06
  • Sun SDK (Linux Production Release) 1.3.1 07
  • Sun SDK (Linux Production Release) 1.4.0
  • Sun SDK (Linux Production Release) 1.4.0 .0 02
  • Sun SDK (Linux Production Release) 1.4.0 .0 03
  • Sun SDK (Linux Production Release) 1.4.0 .0 4
  • Sun SDK (Linux Production Release) 1.4.1
  • Sun SDK (Linux Production Release) 1.4.1 01
  • Sun SDK (Linux Production Release) 1.4.1 02
  • Sun SDK (Linux Production Release) 1.4.1 03
  • Sun SDK (Linux Production Release) 1.4.2
  • Sun SDK (Linux Production Release) 1.4.2 01
  • Sun SDK (Linux Production Release) 1.4.2 02
  • Sun SDK (Linux Production Release) 1.4.2 03
  • Sun SDK (Linux Production Release) 1.4.2 04
  • Sun SDK (Linux Production Release) 1.4.2 05
  • Sun SDK (Solaris Production Release) 1.3.1 01
  • Sun SDK (Solaris Production Release) 1.3.1 02
  • Sun SDK (Solaris Production Release) 1.3.1 03
  • Sun SDK (Solaris Production Release) 1.3.1 05
  • Sun SDK (Solaris Production Release) 1.3.1 06
  • Sun SDK (Solaris Production Release) 1.3.1 07
  • Sun SDK (Solaris Production Release) 1.4.0
  • Sun SDK (Solaris Production Release) 1.4.0 .0 02
  • Sun SDK (Solaris Production Release) 1.4.0 .0 03
  • Sun SDK (Solaris Production Release) 1.4.0 .0 4
  • Sun SDK (Solaris Production Release) 1.4.1
  • Sun SDK (Solaris Production Release) 1.4.1 01
  • Sun SDK (Solaris Production Release) 1.4.1 02
  • Sun SDK (Solaris Production Release) 1.4.1 03
  • Sun SDK (Solaris Production Release) 1.4.2
  • Sun SDK (Solaris Production Release) 1.4.2 03
  • Sun SDK (Solaris Production Release) 1.4.2 04
  • Sun SDK (Solaris Production Release) 1.4.2 05
  • Sun SDK (Windows Production Release) 1.3.1 01A
  • Sun SDK (Windows Production Release) 1.3.1 02
  • Sun SDK (Windows Production Release) 1.3.1 03
  • Sun SDK (Windows Production Release) 1.3.1 04
  • Sun SDK (Windows Production Release) 1.3.1 05
  • Sun SDK (Windows Production Release) 1.3.1 06
  • Sun SDK (Windows Production Release) 1.3.1 07
  • Sun SDK (Windows Production Release) 1.4.0
  • Sun SDK (Windows Production Release) 1.4.0 .0 01
  • Sun SDK (Windows Production Release) 1.4.0 .0 02
  • Sun SDK (Windows Production Release) 1.4.0 .0 03
  • Sun SDK (Windows Production Release) 1.4.0 .0 4
  • Sun SDK (Windows Production Release) 1.4.1
  • Sun SDK (Windows Production Release) 1.4.1 01
  • Sun SDK (Windows Production Release) 1.4.1 02
  • Sun SDK (Windows Production Release) 1.4.1 03
  • Sun SDK (Windows Production Release) 1.4.2
  • Sun SDK (Windows Production Release) 1.4.2 03
  • Sun SDK (Windows Production Release) 1.4.2 04
  • Sun SDK (Windows Production Release) 1.4.2 05
  • SuSE Linux 8.0.0
  • SuSE Linux 8.0.0 i386
  • SuSE Linux 8.1.0
  • SuSE Linux Personal 8.2.0
  • SuSE Linux Personal 9.0.0
  • SuSE Linux Personal 9.0.0 X86 64
  • SuSE Linux Personal 9.1.0
  • SuSE Linux Personal 9.2.0
  • Symantec Enterprise Firewall 8.0.0
  • Symantec Enterprise Firewall 8.0.0 NT/2000
  • Symantec Enterprise Firewall 8.0.0 Solaris
  • Symantec Gateway Security 5400 2.0.0
  • Symantec Gateway Security 5400 2.0.1

References

  • BugTraq: 11726
  • CVE: CVE-2004-1029

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out