CVE-2003-0896
Sun Java Virtual Machine 1.x - Slash Path Security Model Circumvention
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.
El método loadClass de la clase sun.applet.AppletClassLoader en la Máquina Virtual de Java (JVM) en Sun SDK y JRE 1.4.1_03 y anteriores permite a atacantes remotos saltarles las restricciones del cajón de arena de Java y ejecutar código mediante una clase cargada que contenga caractéres "/" (barra) en lugar de "." punto, lo que evita la llamada al método del Adminstrador de Seguridad checkPackageAccess.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2003-10-22 First Exploit
- 2003-10-24 CVE Reserved
- 2003-10-25 CVE Published
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://lsd-pl.net/code/JVM/jre.tar.gz | X_refsource_misc | |
| http://marc.info/?l=bugtraq&m=106692334503819&w=2 | Mailing List | |
| http://www.securityfocus.com/archive/1/342580 | Mailing List | |
| http://www.securityfocus.com/archive/1/342583 | Mailing List | |
| http://www.securityfocus.com/bid/8879 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/23276 | 2003-10-22 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57221 | 2016-10-18 | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-200356-1 | 2016-10-18 | |
| http://www.securityfocus.com/advisories/6028 | 2016-10-18 |