cvelistv5 - CVE-2005-3904

CVE-2005-3904 (GCVE-0-2005-3904)

Vulnerability from cvelistv5 – Published: 2005-11-30 11:00 – Updated: 2024-08-07 23:31

Summary

Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/17847	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/18503	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/15615	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2005/2946	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2005/2675	vdb-entryx_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2005/2636	vdb-entryx_refsource_VUPEN
	http://sunsolve.sun.com/searchproxy/document.do?a…	vendor-advisoryx_refsource_SUNALERT
	http://www.kb.cert.org/vuls/id/931684	third-party-advisoryx_refsource_CERT-VN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://securitytracker.com/id?1015281	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/17748	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/18092	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:31:47.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "17847",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17847"
          },
          {
            "name": "18503",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18503"
          },
          {
            "name": "15615",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15615"
          },
          {
            "name": "ADV-2005-2946",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2946"
          },
          {
            "name": "ADV-2005-2675",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2675"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
          },
          {
            "name": "ADV-2005-2636",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2636"
          },
          {
            "name": "102017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1"
          },
          {
            "name": "VU#931684",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/931684"
          },
          {
            "name": "APPLE-SA-2005-11-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
          },
          {
            "name": "1015281",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015281"
          },
          {
            "name": "sun-jmx-elevate-privileges(23252)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23252"
          },
          {
            "name": "17748",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17748"
          },
          {
            "name": "18092",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18092"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "17847",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17847"
        },
        {
          "name": "18503",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18503"
        },
        {
          "name": "15615",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15615"
        },
        {
          "name": "ADV-2005-2946",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2946"
        },
        {
          "name": "ADV-2005-2675",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2675"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
        },
        {
          "name": "ADV-2005-2636",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2636"
        },
        {
          "name": "102017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1"
        },
        {
          "name": "VU#931684",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/931684"
        },
        {
          "name": "APPLE-SA-2005-11-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
        },
        {
          "name": "1015281",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015281"
        },
        {
          "name": "sun-jmx-elevate-privileges(23252)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23252"
        },
        {
          "name": "17748",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17748"
        },
        {
          "name": "18092",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18092"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "17847",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17847"
            },
            {
              "name": "18503",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18503"
            },
            {
              "name": "15615",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15615"
            },
            {
              "name": "ADV-2005-2946",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2946"
            },
            {
              "name": "ADV-2005-2675",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2675"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
            },
            {
              "name": "ADV-2005-2636",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2636"
            },
            {
              "name": "102017",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1"
            },
            {
              "name": "VU#931684",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/931684"
            },
            {
              "name": "APPLE-SA-2005-11-30",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
            },
            {
              "name": "1015281",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015281"
            },
            {
              "name": "sun-jmx-elevate-privileges(23252)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23252"
            },
            {
              "name": "17748",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17748"
            },
            {
              "name": "18092",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18092"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3904",
    "datePublished": "2005-11-30T11:00:00",
    "dateReserved": "2005-11-30T00:00:00",
    "dateUpdated": "2024-08-07T23:31:47.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jdk:1.5.0_03:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"04750697-851D-40E6-B13A-1257FD7CB0A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jdk:1.5.0_03:*:solaris:*:*:*:*:*\", \"matchCriteriaId\": \"0DF9EC3A-E40C-415B-8BF3-40D3C474AF70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jdk:1.5.0_03:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"937EEE89-443C-4435-9064-EE228B3CEBD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAB87D43-2860-43DD-94EE-886D7D75A351\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.0:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F30BCF2-E6A3-49E9-98BC-7948244C8FF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.0:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8966374E-426B-42A7-9D62-9A9A14032390\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.0:update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"634F8387-DFBE-4B78-9063-65737160F13A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.0:update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"923FA413-0F4E-4373-83F9-80DC9CA57D15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A06743B3-2637-47C2-BD1A-28D9F584ED75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"399B06AC-E101-48EE-A362-D75F7072FF5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7F1CF2B-F0B6-45DD-88E1-C0BDF2B973BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.1:update15:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF5081A4-C1D4-4312-BF0B-DEB47836953B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*\", \"matchCriteriaId\": \"04FB9247-7DB5-46A1-9E99-C25A729FB5D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.1:update4:*:*:*:*:*:*\", \"matchCriteriaId\": \"218831F9-2C00-4E66-B3B8-B9537C89863F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.3.1:update8:*:*:*:*:*:*\", \"matchCriteriaId\": \"50C269C1-8B4F-4622-A937-DABE766C2CEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"355CB56A-A598-4CD6-9AFB-FE0B09FFC2C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63978872-E797-4F13-B0F9-98CB67D0962A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EEAB662-644A-4D7B-8237-64142CF48724\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9598A49-95F2-42DB-B92C-CD026F739B83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BED1009E-AE60-43A0-A0F5-38526EFCF423\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D011585C-0E62-4233-85FA-F29A07D68DA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F226D898-F0E8-41D8-BF40-54DE9FB5426D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CB9CCD1-A67D-4800-9EC5-6E1A0B0B76E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE28C283-447A-4F83-B96B-69F96E663C1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D102063B-2434-4141-98E7-2DE501AE1728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"133A7B66-E0B3-4867-A5A4-3C54D6C0C8ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7FC09E8-7F30-4FE4-912E-588AA250E2A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EA5B9E9-654D-44F7-AE98-3D8B382804AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*\", \"matchCriteriaId\": \"44051CFE-D15D-4416-A123-F3E49C67A9E7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.\"}]",
      "id": "CVE-2005-3904",
      "lastModified": "2024-11-21T00:03:01.250",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2005-11-30T11:03:00.000",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/17748\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/17847\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/18092\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/18503\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1015281\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg21225628\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/931684\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/15615\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2636\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2675\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2946\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/23252\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/17748\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/17847\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/18092\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/18503\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015281\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg21225628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/931684\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/15615\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2636\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2675\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2946\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/23252\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3904\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-11-30T11:03:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0_03:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"04750697-851D-40E6-B13A-1257FD7CB0A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0_03:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"0DF9EC3A-E40C-415B-8BF3-40D3C474AF70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0_03:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"937EEE89-443C-4435-9064-EE228B3CEBD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAB87D43-2860-43DD-94EE-886D7D75A351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F30BCF2-E6A3-49E9-98BC-7948244C8FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8966374E-426B-42A7-9D62-9A9A14032390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"634F8387-DFBE-4B78-9063-65737160F13A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"923FA413-0F4E-4373-83F9-80DC9CA57D15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A06743B3-2637-47C2-BD1A-28D9F584ED75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"399B06AC-E101-48EE-A362-D75F7072FF5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7F1CF2B-F0B6-45DD-88E1-C0BDF2B973BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1:update15:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF5081A4-C1D4-4312-BF0B-DEB47836953B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*\",\"matchCriteriaId\":\"04FB9247-7DB5-46A1-9E99-C25A729FB5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"218831F9-2C00-4E66-B3B8-B9537C89863F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"50C269C1-8B4F-4622-A937-DABE766C2CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"355CB56A-A598-4CD6-9AFB-FE0B09FFC2C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63978872-E797-4F13-B0F9-98CB67D0962A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EEAB662-644A-4D7B-8237-64142CF48724\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9598A49-95F2-42DB-B92C-CD026F739B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED1009E-AE60-43A0-A0F5-38526EFCF423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D011585C-0E62-4233-85FA-F29A07D68DA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F226D898-F0E8-41D8-BF40-54DE9FB5426D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB9CCD1-A67D-4800-9EC5-6E1A0B0B76E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE28C283-447A-4F83-B96B-69F96E663C1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D102063B-2434-4141-98E7-2DE501AE1728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133A7B66-E0B3-4867-A5A4-3C54D6C0C8ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7FC09E8-7F30-4FE4-912E-588AA250E2A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EA5B9E9-654D-44F7-AE98-3D8B382804AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"44051CFE-D15D-4416-A123-F3E49C67A9E7\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17748\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17847\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18092\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18503\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015281\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg21225628\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/931684\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/15615\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2636\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2675\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2946\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/23252\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg21225628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/931684\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/15615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2675\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2946\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/23252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2005-3904

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2005-3904

Aliases

CVE-2005-3904

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3904",
    "description": "Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.",
    "id": "GSD-2005-3904",
    "references": [
      "https://www.suse.com/security/cve/CVE-2005-3904.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3904"
      ],
      "details": "Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.",
      "id": "GSD-2005-3904",
      "modified": "2023-12-13T01:20:12.497933Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3904",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "17847",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17847"
          },
          {
            "name": "18503",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18503"
          },
          {
            "name": "15615",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15615"
          },
          {
            "name": "ADV-2005-2946",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/2946"
          },
          {
            "name": "ADV-2005-2675",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/2675"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
          },
          {
            "name": "ADV-2005-2636",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/2636"
          },
          {
            "name": "102017",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1"
          },
          {
            "name": "VU#931684",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/931684"
          },
          {
            "name": "APPLE-SA-2005-11-30",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
          },
          {
            "name": "1015281",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015281"
          },
          {
            "name": "sun-jmx-elevate-privileges(23252)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23252"
          },
          {
            "name": "17748",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17748"
          },
          {
            "name": "18092",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18092"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0_03:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0_03:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jdk:1.5.0_03:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3904"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102017",
              "refsource": "SUNALERT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1"
            },
            {
              "name": "15615",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/15615"
            },
            {
              "name": "17748",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/17748"
            },
            {
              "name": "1015281",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015281"
            },
            {
              "name": "VU#931684",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/931684"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
            },
            {
              "name": "17847",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/17847"
            },
            {
              "name": "18092",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18092"
            },
            {
              "name": "APPLE-SA-2005-11-30",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
            },
            {
              "name": "18503",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18503"
            },
            {
              "name": "ADV-2005-2636",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/2636"
            },
            {
              "name": "ADV-2005-2675",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/2675"
            },
            {
              "name": "ADV-2005-2946",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/2946"
            },
            {
              "name": "sun-jmx-elevate-privileges(23252)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23252"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2005-11-30T11:03Z"
    }
  }
}

CERTA-2005-AVI-474

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans la machine virtuelle Java de Sun permettent à un utilisateur distant mal intentionné d'exécuter du code arbitraire.

Description

La machine virtuelle Java ou JRE (Java Runtime Environment) permet d'exécuter des applications Java. Plusieurs vulnérabilités présentes dans certaines API (Application Programming Interfaces) Java permettent à un utilisateur distant mal intentionné d'exécuter du code arbitraire par le biais d'une applet malicieusement construite.

Solution

La version 1.3.1 Update 16 (1.3.1_16), ou version supérieure, du SDK ou de la JRE corrige le problème :
```
http://java.sun.com/j2se/1.3/download.html
```
La version 1.4.2 Update 9 (1.4.2_09), ou version supérieure, du SDK ou de la JRE corrige le problème :
```
http://java.sun.com/j2se/1.4.2/download.html
```
La version 1.5.0 Update 4 (1.5.0_04), ou version supérieure, du SDK ou de la JRE corrige le problème :
```
http://java.sun.com/j2se/1.5.0/download.jsp
```

None

Impacted products

Vendor	Product	Description
N/A	N/A	SDK et JRE versions 1.5.0 Update 3 (1.5.0_03) et antérieures.
N/A	N/A	SDK et JRE versions 1.3.1 Update 15 (1.3.1_15) et antérieures ;
N/A	N/A	SDK et JRE versions 1.4.2 Update 8 (1.4.2_08) et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Sun du 28 novembre 2005	None	vendor-advisory
Bulletin de sécurité Sun #102050 du 28 novembre 2005 :	-	other
Bulletin de sécurité Sun #102003 du 28 novembre 2005 :	-	other
Site de l'éditeur :	-	other
Bulletin de sécurité Gentoo GLSA 200601-10 du 16 janvier 2006 :	-	other
Bulletin de sécurité SUSE SUSE-SR:2006:001 du 13 janvier 2006 :	-	other
Bulletin de sécurité Sun #102017 du 28 novembre 2005 :	-	other
Bulletin de sécurité Apple #302913 du 15 novembre 2005 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SDK et JRE versions 1.5.0 Update 3 (1.5.0_03) et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SDK et JRE versions 1.3.1 Update 15 (1.3.1_15) et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SDK et JRE versions 1.4.2 Update 8 (1.4.2_08) et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLa machine virtuelle Java ou JRE (Java Runtime Environment) permet\nd\u0027ex\u00e9cuter des applications Java. Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes\ndans certaines API (Application Programming Interfaces) Java permettent\n\u00e0 un utilisateur distant mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire\npar le biais d\u0027une applet malicieusement construite.\n\n## Solution\n\n-   La version 1.3.1 Update 16 (1.3.1_16), ou version sup\u00e9rieure, du SDK\n    ou de la JRE corrige le probl\u00e8me :\n\n        http://java.sun.com/j2se/1.3/download.html\n\n-   La version 1.4.2 Update 9 (1.4.2_09), ou version sup\u00e9rieure, du SDK\n    ou de la JRE corrige le probl\u00e8me :\n\n        http://java.sun.com/j2se/1.4.2/download.html\n\n-   La version 1.5.0 Update 4 (1.5.0_04), ou version sup\u00e9rieure, du SDK\n    ou de la JRE corrige le probl\u00e8me :\n\n        http://java.sun.com/j2se/1.5.0/download.jsp\n",
  "cves": [
    {
      "name": "CVE-2005-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3905"
    },
    {
      "name": "CVE-2005-3906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3906"
    },
    {
      "name": "CVE-2005-3904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3904"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #102050 du 28 novembre 2005 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102050-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #102003 du 28 novembre 2005 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102003-1"
    },
    {
      "title": "Site de l\u0027\u00e9diteur :",
      "url": "http://java.sun.com"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200601-10 du 16 janvier    2006 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SR:2006:001 du 13 janvier    2006 :",
      "url": "http://www.novell.com/linux/security/advisories/2006_01_sr.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #102017 du 28 novembre 2005 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102017-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple #302913 du 15 novembre 2005 :",
      "url": "http://docs.info.apple.com/article.html?artnum=302913"
    }
  ],
  "reference": "CERTA-2005-AVI-474",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-11-30T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Apple.",
      "revision_date": "2005-12-02T00:00:00.000000"
    },
    {
      "description": "corrections et pr\u00e9cisions sur les versions impact\u00e9es.",
      "revision_date": "2005-12-08T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SUSE et Gentoo et des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2006-01-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans la machine virtuelle Java de Sun\npermettent \u00e0 un utilisateur distant mal intentionn\u00e9 d\u0027ex\u00e9cuter du code\narbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans la machine virtuelle Java de Sun",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sun du 28 novembre 2005",
      "url": null
    }
  ]
}

CERTA-2005-AVI-474

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans la machine virtuelle Java de Sun permettent à un utilisateur distant mal intentionné d'exécuter du code arbitraire.

Description

Solution

La version 1.3.1 Update 16 (1.3.1_16), ou version supérieure, du SDK ou de la JRE corrige le problème :
```
http://java.sun.com/j2se/1.3/download.html
```
La version 1.4.2 Update 9 (1.4.2_09), ou version supérieure, du SDK ou de la JRE corrige le problème :
```
http://java.sun.com/j2se/1.4.2/download.html
```
La version 1.5.0 Update 4 (1.5.0_04), ou version supérieure, du SDK ou de la JRE corrige le problème :
```
http://java.sun.com/j2se/1.5.0/download.jsp
```

None

Impacted products

Vendor	Product	Description
N/A	N/A	SDK et JRE versions 1.5.0 Update 3 (1.5.0_03) et antérieures.
N/A	N/A	SDK et JRE versions 1.3.1 Update 15 (1.3.1_15) et antérieures ;
N/A	N/A	SDK et JRE versions 1.4.2 Update 8 (1.4.2_08) et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Sun du 28 novembre 2005	None	vendor-advisory
Bulletin de sécurité Sun #102050 du 28 novembre 2005 :	-	other
Bulletin de sécurité Sun #102003 du 28 novembre 2005 :	-	other
Site de l'éditeur :	-	other
Bulletin de sécurité Gentoo GLSA 200601-10 du 16 janvier 2006 :	-	other
Bulletin de sécurité SUSE SUSE-SR:2006:001 du 13 janvier 2006 :	-	other
Bulletin de sécurité Sun #102017 du 28 novembre 2005 :	-	other
Bulletin de sécurité Apple #302913 du 15 novembre 2005 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SDK et JRE versions 1.5.0 Update 3 (1.5.0_03) et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SDK et JRE versions 1.3.1 Update 15 (1.3.1_15) et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SDK et JRE versions 1.4.2 Update 8 (1.4.2_08) et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLa machine virtuelle Java ou JRE (Java Runtime Environment) permet\nd\u0027ex\u00e9cuter des applications Java. Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes\ndans certaines API (Application Programming Interfaces) Java permettent\n\u00e0 un utilisateur distant mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire\npar le biais d\u0027une applet malicieusement construite.\n\n## Solution\n\n-   La version 1.3.1 Update 16 (1.3.1_16), ou version sup\u00e9rieure, du SDK\n    ou de la JRE corrige le probl\u00e8me :\n\n        http://java.sun.com/j2se/1.3/download.html\n\n-   La version 1.4.2 Update 9 (1.4.2_09), ou version sup\u00e9rieure, du SDK\n    ou de la JRE corrige le probl\u00e8me :\n\n        http://java.sun.com/j2se/1.4.2/download.html\n\n-   La version 1.5.0 Update 4 (1.5.0_04), ou version sup\u00e9rieure, du SDK\n    ou de la JRE corrige le probl\u00e8me :\n\n        http://java.sun.com/j2se/1.5.0/download.jsp\n",
  "cves": [
    {
      "name": "CVE-2005-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3905"
    },
    {
      "name": "CVE-2005-3906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3906"
    },
    {
      "name": "CVE-2005-3904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3904"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #102050 du 28 novembre 2005 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102050-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #102003 du 28 novembre 2005 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102003-1"
    },
    {
      "title": "Site de l\u0027\u00e9diteur :",
      "url": "http://java.sun.com"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200601-10 du 16 janvier    2006 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SR:2006:001 du 13 janvier    2006 :",
      "url": "http://www.novell.com/linux/security/advisories/2006_01_sr.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #102017 du 28 novembre 2005 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102017-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple #302913 du 15 novembre 2005 :",
      "url": "http://docs.info.apple.com/article.html?artnum=302913"
    }
  ],
  "reference": "CERTA-2005-AVI-474",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-11-30T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Apple.",
      "revision_date": "2005-12-02T00:00:00.000000"
    },
    {
      "description": "corrections et pr\u00e9cisions sur les versions impact\u00e9es.",
      "revision_date": "2005-12-08T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SUSE et Gentoo et des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2006-01-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans la machine virtuelle Java de Sun\npermettent \u00e0 un utilisateur distant mal intentionn\u00e9 d\u0027ex\u00e9cuter du code\narbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans la machine virtuelle Java de Sun",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sun du 28 novembre 2005",
      "url": null
    }
  ]
}

GHSA-R8QG-VJH8-H4M5

Vulnerability from github – Published: 2022-05-01 02:22 – Updated: 2022-05-01 02:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3904"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-11-30T11:03:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.",
  "id": "GHSA-r8qg-vjh8-h4m5",
  "modified": "2022-05-01T02:22:16Z",
  "published": "2022-05-01T02:22:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3904"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23252"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17748"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17847"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18092"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18503"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015281"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/931684"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/15615"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/2636"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/2675"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/2946"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2005-3904

Vulnerability from fkie_nvd - Published: 2005-11-30 11:03 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html
cve@mitre.org	http://secunia.com/advisories/17748	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/17847
cve@mitre.org	http://secunia.com/advisories/18092
cve@mitre.org	http://secunia.com/advisories/18503
cve@mitre.org	http://securitytracker.com/id?1015281
cve@mitre.org	http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1	Vendor Advisory
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg21225628
cve@mitre.org	http://www.kb.cert.org/vuls/id/931684	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/15615
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2636
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2675
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2946
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/23252
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17748	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17847
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18092
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18503
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015281
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg21225628
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/931684	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15615
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2636
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2675
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2946
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/23252

Impacted products

Vendor	Product	Version
sun	jdk	1.5.0_03
sun	jdk	1.5.0_03
sun	jdk	1.5.0_03
sun	jre	1.3.0
sun	jre	1.3.0
sun	jre	1.3.0
sun	jre	1.3.0
sun	jre	1.3.0
sun	jre	1.3.0
sun	jre	1.3.1
sun	jre	1.3.1
sun	jre	1.3.1
sun	jre	1.3.1
sun	jre	1.3.1
sun	jre	1.3.1
sun	jre	1.4.1
sun	jre	1.4.2
sun	jre	1.4.2_1
sun	jre	1.4.2_2
sun	jre	1.4.2_3
sun	jre	1.4.2_4
sun	jre	1.4.2_5
sun	jre	1.4.2_6
sun	jre	1.4.2_7
sun	jre	1.4.2_8
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0_03:*:linux:*:*:*:*:*",
              "matchCriteriaId": "04750697-851D-40E6-B13A-1257FD7CB0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0_03:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "0DF9EC3A-E40C-415B-8BF3-40D3C474AF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0_03:*:windows:*:*:*:*:*",
              "matchCriteriaId": "937EEE89-443C-4435-9064-EE228B3CEBD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAB87D43-2860-43DD-94EE-886D7D75A351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "7F30BCF2-E6A3-49E9-98BC-7948244C8FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "8966374E-426B-42A7-9D62-9A9A14032390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "634F8387-DFBE-4B78-9063-65737160F13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "923FA413-0F4E-4373-83F9-80DC9CA57D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "A06743B3-2637-47C2-BD1A-28D9F584ED75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "399B06AC-E101-48EE-A362-D75F7072FF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*",
              "matchCriteriaId": "F7F1CF2B-F0B6-45DD-88E1-C0BDF2B973BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update15:*:*:*:*:*:*",
              "matchCriteriaId": "BF5081A4-C1D4-4312-BF0B-DEB47836953B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*",
              "matchCriteriaId": "04FB9247-7DB5-46A1-9E99-C25A729FB5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update4:*:*:*:*:*:*",
              "matchCriteriaId": "218831F9-2C00-4E66-B3B8-B9537C89863F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update8:*:*:*:*:*:*",
              "matchCriteriaId": "50C269C1-8B4F-4622-A937-DABE766C2CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "355CB56A-A598-4CD6-9AFB-FE0B09FFC2C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63978872-E797-4F13-B0F9-98CB67D0962A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EEAB662-644A-4D7B-8237-64142CF48724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9598A49-95F2-42DB-B92C-CD026F739B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BED1009E-AE60-43A0-A0F5-38526EFCF423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D011585C-0E62-4233-85FA-F29A07D68DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F226D898-F0E8-41D8-BF40-54DE9FB5426D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB9CCD1-A67D-4800-9EC5-6E1A0B0B76E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE28C283-447A-4F83-B96B-69F96E663C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D102063B-2434-4141-98E7-2DE501AE1728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133A7B66-E0B3-4867-A5A4-3C54D6C0C8ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC09E8-7F30-4FE4-912E-588AA250E2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7EA5B9E9-654D-44F7-AE98-3D8B382804AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "44051CFE-D15D-4416-A123-F3E49C67A9E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors."
    }
  ],
  "id": "CVE-2005-3904",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-30T11:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17748"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17847"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18092"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18503"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015281"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/931684"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15615"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2636"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2675"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2946"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/931684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23252"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

JVNDB-2005-000705

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

Severity ?

() - -

Summary

Fujitsu Java Runtime Environment reflection API vulnerability

Details

A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN15972537/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3904
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3904
	CERT-VN	http://www.kb.cert.org/vuls/id/931684
	SECUNIA	http://secunia.com/advisories/17748/
	BID	http://www.securityfocus.com/bid/15615
	FRSIRT	http://www.frsirt.com/english/advisories/2005/2636

Impacted products

Vendor

Product

	IBM Corporation	IBM SDK, Java
	Sun Microsystems, Inc.	JDK
	Sun Microsystems, Inc.	JRE

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000705.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions.\r\n\r\nThis problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu\u0027s product is modified based on this product and is reported to contain a similar vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000705.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:ibm:java_sdk",
      "@product": "IBM SDK, Java",
      "@vendor": "IBM Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:jdk",
      "@product": "JDK",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:jre",
      "@product": "JRE",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.5",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000705",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN15972537/index.html",
      "@id": "JVN#15972537",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3904",
      "@id": "CVE-2005-3904",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3904",
      "@id": "CVE-2005-3904",
      "@source": "NVD"
    },
    {
      "#text": "http://www.kb.cert.org/vuls/id/931684",
      "@id": "VU#931684",
      "@source": "CERT-VN"
    },
    {
      "#text": "http://secunia.com/advisories/17748/",
      "@id": "SA17748",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/15615",
      "@id": "15615",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2005/2636",
      "@id": "FrSIRT/ADV-2005-2636",
      "@source": "FRSIRT"
    }
  ],
  "title": "Fujitsu Java Runtime Environment reflection API vulnerability"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-3904 (GCVE-0-2005-3904)

GSD-2005-3904

CERTA-2005-AVI-474

Description

Solution

CERTA-2005-AVI-474

Description

Solution

GHSA-R8QG-VJH8-H4M5

FKIE_CVE-2005-3904

JVNDB-2005-000705

Tags

Sightings

Nomenclature