CVE-2002-0058

Current Description

Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.

Basic Data

PublishedMarch 15, 2002
Last ModifiedOctober 12, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationMicrosoftVirtual Machine3802*******
    2.3ApplicationSunJdk1.1.8update13******
    2.3ApplicationSunJdk1.1.8update7******
    2.3ApplicationSunJre1.1.8update13******
    2.3ApplicationSunJre1.1.8update7******
    2.3ApplicationSunJre1.2.2update10******
    2.3ApplicationSunJre1.3.0update2******
    2.3ApplicationSunSdk1.1.8_007*******
    2.3ApplicationSunSdk1.2.2_010*******
    2.3ApplicationSunSdk1.2.2_10*******
    2.3ApplicationSunSdk1.3_02*******

Vulnerable Software List

VendorProductVersions
Microsoft Virtual Machine 3802
Sun Jdk 1.1.8
Sun Sdk 1.1.8_007, 1.2.2_010, 1.2.2_10, 1.3_02
Sun Jre 1.1.8, 1.2.2, 1.3.0

References

NameSourceURLTags
20020305 Java HTTP proxy vulnerabilityhttp://marc.info/?l=bugtraq&m=101534535304228&w=2BUGTRAQ
00216http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216SUN
MS02-013https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-013MS