Unrated severityNVD Advisory· Published Dec 31, 2003· Updated Apr 16, 2026

CVE-2003-1229

Description

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Affected products

Oracle Corporation/Jre
cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
Range: >=1.3.0,<=1.4.1
Sun Corporation/Java Web Start
cpe:2.3:a:sun:java_web_start:*:*:*:*:*:*:*:*
Range: >=1.0,<=1.2
Sun Corporation/Jsse
cpe:2.3:a:sun:jsse:1.0.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/7943nvdBroken LinkPatchVendor Advisory
sunsolve.sun.com/search/document.donvdBroken LinkPatchVendor Advisory
www.securityfocus.com/bid/6682nvdBroken LinkPatchThird Party AdvisoryVDB Entry
java.sun.com/products/jsse/CHANGES.txtnvdBroken LinkVendor Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/11182nvdThird Party AdvisoryVDB Entry
archives.neohapsis.com/archives/bugtraq/2003-01/0334.htmlnvdBroken Link
www1.itrc.hp.com/service/cki/docDisplay.donvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000