Sun Java Secure Socket Extension (JSSE), Java Plug-In, and Java Web Start do not validate certificates correctly. In the case of JSSE, this may result in untrusted and potentially hostile websites being successfully authenticated for SSL transactions. The vulnerability occurs when initializing SSLContext with an instance of the X509TrustManager implementation. This causes JSSE to make incorrect trust decisions. In the case of Java Plug-In or Java Web Start, this may result in untrusted and potentially hostile code (in signed JAR files) being treated, and therefore executed, as though it is trusted. It is not currently known what circumstances are required to reproduce these conditions. Though not verified, this may be similar to the issue described in BID 5410.