Bug Id
4670154

Date of Resolved Release
04-JUN-2003

Impact

A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet to access information from a trusted applet. This is not allowed by the Java security model. The trusted applet must contain code that exploits this vulnerability.

Sun acknowledges with thanks, RecipeXperience, for bringing this issue to our attention.

Contributing Factors

This issue can occur in the following releases:

Windows Production Releases

• SDK and JRE 1.4.0_01 or earlier
• SDK and JRE 1.3.1_04 or earlier
• SDK and JRE 1.3.0_05 or earlier
• SDK and JRE 1.2.2_012 or earlier

Solaris Operating Environment (OE) Reference Releases

• SDK and JRE 1.2.2_012 or earlier

Solaris OE Production Releases

• SDK and JRE 1.4.0_01 or earlier
• SDK and JRE 1.3.1_04 or earlier
• SDK and JRE 1.3.0_05 or earlier
• SDK and JRE 1.2.2_12 or earlier

Linux Production Releases

• SDK and JRE 1.4.0_01 or earlier
• SDK and JRE 1.3.1_04 or earlier
• SDK and JRE 1.3.0_05 or earlier
• SDK and JRE 1.2.2_012 or earlier

Note: SDK and JRE 1.4.1 and later releases for Windows, Linux, and Solaris are not affected.

Symptoms

There are no reliable symptoms that would show the described issue has been exploited.

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

Windows Production Releases

• SDK and JRE 1.4.0_02 and later
• SDK and JRE 1.3.1_05 and later
• SDK and JRE 1.2.2_013 and later

Solaris OE Reference Releases

• SDK and JRE 1.2.2_013 and later

Solaris OE Production Releases

• SDK and JRE 1.4.0_02 and later
• SDK and JRE 1.3.1_05 and later
• SDK and JRE 1.2.2_13 and later

Linux Production Releases

• SDK and JRE 1.4.0_02 and later
• SDK and JRE 1.3.1_05 and later
• SDK and JRE 1.2.2_013 and later

SDK and JRE releases are available at http://java.sun.com/j2se/

Product
Java 2 Platform, Standard Edition 1.4
























Attachments

This solution has no attachment