cvelistv5 - cve-1999-0440

CVE-1999-0440 (GCVE-0-1999-0440)

Vulnerability from cvelistv5 – Published: 2000-10-13 04:00 – Updated: 2024-08-01 16:41

Summary

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/1939	vdb-entryx_refsource_BID
	http://java.sun.com/pr/1999/03/pr990329-01.html	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=92333596624452&w=2	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:41:44.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1939",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1939"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
          },
          {
            "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1939",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1939"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
        },
        {
          "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1939",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1939"
            },
            {
              "name": "http://java.sun.com/pr/1999/03/pr990329-01.html",
              "refsource": "CONFIRM",
              "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
            },
            {
              "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0440",
    "datePublished": "2000-10-13T04:00:00",
    "dateReserved": "1999-06-07T00:00:00",
    "dateUpdated": "2024-08-01T16:41:44.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E9A5461-B0F2-49DB-A69C-3D2D27709647\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05CFEB93-B230-473E-A6D0-73CA0C48CB9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60AA08F1-9932-404D-830E-E6D126FC732B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2FBC98E-49CF-48F1-9206-DDE8166AA8E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E57BB283-31F4-487A-87CA-A251BFC5133C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B4D5F1E-DD1B-4CCE-B16D-05AB2DEBCB18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E20267FF-FCF8-42BF-9CF1-127FF856C6FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7EC6F62-37FF-46DD-997C-A4D77182BBEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5904FD1-9806-4C73-A4E8-98C1F8F078EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"431D7EED-1152-4245-92B9-023A4AC88EA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04BBF8B2-8378-4CA3-B8D4-4ED5D7B8A674\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B3EFA3B-5DE7-40D0-960D-283491163E74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DDA9F90-5D16-4E04-B285-D32C362279C6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.\"}]",
      "id": "CVE-1999-0440",
      "lastModified": "2024-11-20T23:28:44.600",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "1999-03-01T05:00:00.000",
      "references": "[{\"url\": \"http://java.sun.com/pr/1999/03/pr990329-01.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/1939\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://java.sun.com/pr/1999/03/pr990329-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/1939\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-1999-0440\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"1999-03-01T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E9A5461-B0F2-49DB-A69C-3D2D27709647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05CFEB93-B230-473E-A6D0-73CA0C48CB9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60AA08F1-9932-404D-830E-E6D126FC732B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2FBC98E-49CF-48F1-9206-DDE8166AA8E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E57BB283-31F4-487A-87CA-A251BFC5133C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B4D5F1E-DD1B-4CCE-B16D-05AB2DEBCB18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E20267FF-FCF8-42BF-9CF1-127FF856C6FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7EC6F62-37FF-46DD-997C-A4D77182BBEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5904FD1-9806-4C73-A4E8-98C1F8F078EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"431D7EED-1152-4245-92B9-023A4AC88EA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BBF8B2-8378-4CA3-B8D4-4ED5D7B8A674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B3EFA3B-5DE7-40D0-960D-283491163E74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DDA9F90-5D16-4E04-B285-D32C362279C6\"}]}]}],\"references\":[{\"url\":\"http://java.sun.com/pr/1999/03/pr990329-01.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/1939\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://java.sun.com/pr/1999/03/pr990329-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/1939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-199903-0046

Vulnerability from variot - Updated: 2023-12-18 12:14

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. SAP is an integrated enterprise resource planning system based on client/server architecture and open systems, including database open tools when installed. The SAP database program instlserver has problems handling environment variables. Local attackers can exploit this vulnerability for privilege escalation attacks and gain root user privileges. The instlserver program uses the user-supplied data and still runs with ROOT privileges when chmod and chown some files. When running the 'DevTool/bin/instlserver' program, according to the environment variable 'INSTROOT', the specified file will be chowned and chmoded. The attacker builds a malicious file and stores it in the location specified by the environment variable, and gets a suid root. Properties of the program, thereby increasing permissions. Several vendors have released versions of the Java Virtual Machine including Sun Microsystems and Netscape. A serious vulnerability exists in certain current versions of the JVM. It is exploited by an attacker who creates an applet which references an object using two pointers of incompatible type. This circumvents Java's typing rules, and can permit a malicious applet to undermine the normal java security measures on the victim's system. If the victim can be led to visit the attacker's website, the applet can be used by the attacker to assume control of the remote system, making it possible to read or overwrite data, and to run arbitrary code on the host machine

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-199903-0046",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.01"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.06"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.02"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.07"
      },
      {
        "model": "communicator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.5"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.04"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.08"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.05"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.0"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netscape",
        "version": "4.03"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netscape",
        "version": "4.61"
      },
      {
        "model": "java",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "*"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netscape",
        "version": "4.5"
      },
      {
        "model": "db",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sap",
        "version": "7.4.03.27"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.2"
      },
      {
        "model": "jdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "1.1"
      },
      {
        "model": "navigator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netscape",
        "version": "4.0x"
      },
      {
        "model": "jvm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "db",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.4"
      },
      {
        "model": "db",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.3.00"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      },
      {
        "db": "BID",
        "id": "1939"
      },
      {
        "db": "BID",
        "id": "7408"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-0440"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-1999-0440"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Reported to bugtraq by Gary McGraw \u003cgem@rstcorp.com\u003e on Mon Apr 05 1999.\nCredit given to Karsten Sohr at the University of Marburg \u003csohr@mathematik.uni-marburg.de\u003e",
    "sources": [
      {
        "db": "BID",
        "id": "1939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-1999-0440",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2003-1115",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-1999-0440",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2003-1115",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-199903-003",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-0440"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. SAP is an integrated enterprise resource planning system based on client/server architecture and open systems, including database open tools when installed. The SAP database program instlserver has problems handling environment variables. Local attackers can exploit this vulnerability for privilege escalation attacks and gain root user privileges. The instlserver program uses the user-supplied data and still runs with ROOT privileges when chmod and chown some files. When running the \u0027DevTool/bin/instlserver\u0027 program, according to the environment variable \u0027INSTROOT\u0027, the specified file will be chowned and chmoded. The attacker builds a malicious file and stores it in the location specified by the environment variable, and gets a suid root. Properties of the program, thereby increasing permissions. Several vendors have released versions of the Java Virtual Machine including Sun Microsystems and Netscape. \nA serious vulnerability exists in certain current versions of the JVM. \nIt is exploited by an attacker who creates an applet which references an object using two pointers of incompatible type. This circumvents Java\u0027s typing rules, and can permit a malicious applet to undermine the normal java security measures on the victim\u0027s system. \nIf the victim can be led to visit the attacker\u0027s website, the applet can be used by the attacker to assume control of the remote system, making it possible to read or overwrite data, and to run arbitrary code on the host machine",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-1999-0440"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      },
      {
        "db": "BID",
        "id": "1939"
      },
      {
        "db": "BID",
        "id": "7408"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "1939",
        "trust": 1.9
      },
      {
        "db": "NVD",
        "id": "CVE-1999-0440",
        "trust": 1.9
      },
      {
        "db": "BID",
        "id": "7408",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "19990405 SECURITY HOLE IN JAVA 2 (AND JDK 1.1.X)",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199903-003",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      },
      {
        "db": "BID",
        "id": "1939"
      },
      {
        "db": "BID",
        "id": "7408"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-0440"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ]
  },
  "id": "VAR-199903-0046",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:14:16.344000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-1999-0440"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/1939"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105103613727471\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=92333596624452\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://listserv.sap.com/pipermail/sapdb.sources/2003-april/000142.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/319409"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      },
      {
        "db": "BID",
        "id": "7408"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-0440"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      },
      {
        "db": "BID",
        "id": "1939"
      },
      {
        "db": "BID",
        "id": "7408"
      },
      {
        "db": "NVD",
        "id": "CVE-1999-0440"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      },
      {
        "date": "1999-04-05T00:00:00",
        "db": "BID",
        "id": "1939"
      },
      {
        "date": "2003-04-22T00:00:00",
        "db": "BID",
        "id": "7408"
      },
      {
        "date": "1999-03-01T05:00:00",
        "db": "NVD",
        "id": "CVE-1999-0440"
      },
      {
        "date": "1999-03-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      },
      {
        "date": "1999-04-05T00:00:00",
        "db": "BID",
        "id": "1939"
      },
      {
        "date": "2009-07-11T21:07:00",
        "db": "BID",
        "id": "7408"
      },
      {
        "date": "2016-10-18T01:59:21.563000",
        "db": "NVD",
        "id": "CVE-1999-0440"
      },
      {
        "date": "2005-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP database development tool INSTLSERVER INSTROOT environment variable vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2003-1115"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "1939"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-199903-003"
      }
    ],
    "trust": 0.9
  }
}

GSD-1999-0440

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

Aliases

CVE-1999-0440

Aliases

CVE-1999-0440

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-1999-0440",
    "description": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.",
    "id": "GSD-1999-0440"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-1999-0440"
      ],
      "details": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.",
      "id": "GSD-1999-0440",
      "modified": "2023-12-13T01:22:57.311972Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-1999-0440",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1939",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/1939"
          },
          {
            "name": "http://java.sun.com/pr/1999/03/pr990329-01.html",
            "refsource": "CONFIRM",
            "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
          },
          {
            "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0440"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://java.sun.com/pr/1999/03/pr990329-01.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
            },
            {
              "name": "1939",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/1939"
            },
            {
              "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-10-18T01:59Z",
      "publishedDate": "1999-03-01T05:00Z"
    }
  }
}

FKIE_CVE-1999-0440

Vulnerability from fkie_nvd - Published: 1999-03-01 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

References

	URL	Tags
	cve@mitre.org	http://java.sun.com/pr/1999/03/pr990329-01.html
	cve@mitre.org	http://marc.info/?l=bugtraq&m=92333596624452&w=2
	cve@mitre.org	http://www.securityfocus.com/bid/1939
	af854a3a-2127-422b-91ae-364da2661108	http://java.sun.com/pr/1999/03/pr990329-01.html
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=92333596624452&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/1939

Impacted products

Vendor	Product	Version
netscape	communicator	4.5
netscape	navigator	4.0
netscape	navigator	4.01
netscape	navigator	4.02
netscape	navigator	4.03
netscape	navigator	4.04
netscape	navigator	4.05
netscape	navigator	4.5
netscape	navigator	4.06
netscape	navigator	4.07
netscape	navigator	4.08
netscape	navigator	4.61
sun	java	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9A5461-B0F2-49DB-A69C-3D2D27709647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CFEB93-B230-473E-A6D0-73CA0C48CB9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "60AA08F1-9932-404D-830E-E6D126FC732B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FBC98E-49CF-48F1-9206-DDE8166AA8E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "E57BB283-31F4-487A-87CA-A251BFC5133C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4D5F1E-DD1B-4CCE-B16D-05AB2DEBCB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "E20267FF-FCF8-42BF-9CF1-127FF856C6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EC6F62-37FF-46DD-997C-A4D77182BBEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5904FD1-9806-4C73-A4E8-98C1F8F078EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "431D7EED-1152-4245-92B9-023A4AC88EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BBF8B2-8378-4CA3-B8D4-4ED5D7B8A674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3EFA3B-5DE7-40D0-960D-283491163E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDA9F90-5D16-4E04-B285-D32C362279C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
    }
  ],
  "id": "CVE-1999-0440",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "1999-03-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1939"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WWVM-JQ77-PVRQ

Vulnerability from github – Published: 2022-04-30 18:10 – Updated: 2022-04-30 18:10

Details

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-1999-0440"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "1999-03-01T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.",
  "id": "GHSA-wwvm-jq77-pvrq",
  "modified": "2022-04-30T18:10:35Z",
  "published": "2022-04-30T18:10:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-1999-0440"
    },
    {
      "type": "WEB",
      "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/1939"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-1999-0440 (GCVE-0-1999-0440)

VAR-199903-0046

GSD-1999-0440

FKIE_CVE-1999-0440

GHSA-WWVM-JQ77-PVRQ

Tags

Sightings

Nomenclature