CVE-2002-1295

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=103682630823080&w=2
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
http://www.iss.net/security_center/static/10588.php
http://www.securityfocus.com/bid/6136
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:java_virtual_machine:1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-11-29 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-1295

Mitre link : CVE-2002-1295

CVE.ORG link : CVE-2002-1295

JSON object : View

Products Affected

microsoft

java_virtual_machine

CWE

NVD-CWE-Other

{"id": "CVE-2002-1295", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-11-29T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=103682630823080&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=ntbugtraq&m=103684360031565&w=2", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10588.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6136", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka \"Incomplete Java Object Instantiation Vulnerability.\""}, {"lang": "es", "value": "La implementaci\u00f3n de Java de Microsoft, como la usada en Interntet Explorer, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente llevar a cabo otras actividades no autorizadas mediante etiquetas de applets en HTML que evitan las restricciones de las clases de Java (como constructores privados) dando el nombre de la clase en par\u00e1metro del c\u00f3digo."}], "lastModified": "2018-10-12T21:32:17.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:java_virtual_machine:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "916DA8F3-677B-46CB-A2B9-9FE2A2EBEBAD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}