CVE-2002-0058

Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216
http://marc.info/?l=bugtraq&m=101534535304228&w=2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-013

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:jre:1.2.2:update10::::::
	cpe:2.3:a:sun:jre:1.3.0:update2::::::
	cpe:2.3:a:sun:jre:1.1.8:update13::::::
	cpe:2.3:a:sun:jre:1.1.8:update7::::::
	cpe:2.3:a:microsoft:virtual_machine:3802:::::::*
	cpe:2.3:a:sun:sdk:1.1.8_007:::::::*
	cpe:2.3:a:sun:sdk:1.2.2_010:::::::*
	cpe:2.3:a:sun:jdk:1.1.8:update13::::::
	cpe:2.3:a:sun:jdk:1.1.8:update7::::::
	cpe:2.3:a:sun:sdk:1.2.2_10:::::::*
	cpe:2.3:a:sun:sdk:1.3_02:::::::*

Information

Published : 2002-03-14 21:00

Updated : 2018-10-12 14:30

NVD link : CVE-2002-0058

Mitre link : CVE-2002-0058

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

sun

sdk
jdk
jre

microsoft

virtual_machine

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216", "name": "00216", "tags": [], "refsource": "SUN"}, {"url": "http://marc.info/?l=bugtraq&m=101534535304228&w=2", "name": "20020305 Java HTTP proxy vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-013", "name": "MS02-013", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0058", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-03-15T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:jre:1.2.2:update10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.1.8:update13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.1.8:update7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:sdk:1.1.8_007:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:sdk:1.2.2_010:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.1.8:update13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.1.8:update7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:sdk:1.2.2_10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:sdk:1.3_02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:30Z"}