CVE-2004-1029 [Critical] | Security Vulnerability in Java Sdk-Rte

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

EDB-ID	Source	Kind	Published	Link
24763	exploit_db	edb	2004-11-22	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

24763

exploit_db

edb

2004-11-22

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-01-24	42.56%	37.03%	-5.53%
2	2025-05-14	35.39%	42.56%	+7.17%
3	2025-03-30	—	35.39%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-01-24

42.56%

37.03%

-5.53%

2025-05-14

35.39%

42.56%

+7.17%

2025-03-30

—

35.39%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.3	2.0	HIGH	`AV:N/AC:M/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	8.6	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

9.3

2.0

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

8.6

10.0

[email protected]

Affected software / configurations for CVE-2004-1029

Vendor	Product	Version	Raw CPE
hp	java_sdk-rte	1.3	cpe:2.3:a:hp:java_sdk-rte:1.3::hp-ux_pa-risc:::::
hp	java_sdk-rte	1.4	cpe:2.3:a:hp:java_sdk-rte:1.4::hp-ux_pa-risc:::::
sun	jdk	1.3.1_01	cpe:2.3:a:sun:jdk:1.3.1_01::linux:::::
sun	jdk	1.3.1_01	cpe:2.3:a:sun:jdk:1.3.1_01::solaris:::::
sun	jdk	1.3.1_01a	cpe:2.3:a:sun:jdk:1.3.1_01a::windows:::::
sun	jdk	1.3.1_02	cpe:2.3:a:sun:jdk:1.3.1_02::linux:::::
sun	jdk	1.3.1_02	cpe:2.3:a:sun:jdk:1.3.1_02::solaris:::::
sun	jdk	1.3.1_02	cpe:2.3:a:sun:jdk:1.3.1_02::windows:::::
sun	jdk	1.3.1_03	cpe:2.3:a:sun:jdk:1.3.1_03::linux:::::
sun	jdk	1.3.1_03	cpe:2.3:a:sun:jdk:1.3.1_03::solaris:::::
sun	jdk	1.3.1_03	cpe:2.3:a:sun:jdk:1.3.1_03::windows:::::
sun	jdk	1.3.1_04	cpe:2.3:a:sun:jdk:1.3.1_04::windows:::::
sun	jdk	1.3.1_05	cpe:2.3:a:sun:jdk:1.3.1_05::linux:::::
sun	jdk	1.3.1_05	cpe:2.3:a:sun:jdk:1.3.1_05::solaris:::::
sun	jdk	1.3.1_05	cpe:2.3:a:sun:jdk:1.3.1_05::windows:::::
sun	jdk	1.3.1_06	cpe:2.3:a:sun:jdk:1.3.1_06::linux:::::
sun	jdk	1.3.1_06	cpe:2.3:a:sun:jdk:1.3.1_06::solaris:::::
sun	jdk	1.3.1_06	cpe:2.3:a:sun:jdk:1.3.1_06::windows:::::
sun	jdk	1.3.1_07	cpe:2.3:a:sun:jdk:1.3.1_07::linux:::::
sun	jdk	1.3.1_07	cpe:2.3:a:sun:jdk:1.3.1_07::solaris:::::
sun	jdk	1.3.1_07	cpe:2.3:a:sun:jdk:1.3.1_07::windows:::::
sun	jdk	1.4	cpe:2.3:a:sun:jdk:1.4::linux:::::
sun	jdk	1.4	cpe:2.3:a:sun:jdk:1.4::solaris:::::
sun	jdk	1.4	cpe:2.3:a:sun:jdk:1.4::windows:::::
sun	jdk	1.4.0_01	cpe:2.3:a:sun:jdk:1.4.0_01::windows:::::
sun	jdk	1.4.0_02	cpe:2.3:a:sun:jdk:1.4.0_02::linux:::::
sun	jdk	1.4.0_02	cpe:2.3:a:sun:jdk:1.4.0_02::solaris:::::
sun	jdk	1.4.0_02	cpe:2.3:a:sun:jdk:1.4.0_02::windows:::::
sun	jdk	1.4.0_03	cpe:2.3:a:sun:jdk:1.4.0_03::linux:::::
sun	jdk	1.4.0_03	cpe:2.3:a:sun:jdk:1.4.0_03::solaris:::::
sun	jdk	1.4.0_03	cpe:2.3:a:sun:jdk:1.4.0_03::windows:::::
sun	jdk	1.4.0_4	cpe:2.3:a:sun:jdk:1.4.0_4::linux:::::
sun	jdk	1.4.0_4	cpe:2.3:a:sun:jdk:1.4.0_4::solaris:::::
sun	jdk	1.4.0_4	cpe:2.3:a:sun:jdk:1.4.0_4::windows:::::
sun	jdk	1.4.1	cpe:2.3:a:sun:jdk:1.4.1::linux:::::
sun	jdk	1.4.1	cpe:2.3:a:sun:jdk:1.4.1::solaris:::::
sun	jdk	1.4.1	cpe:2.3:a:sun:jdk:1.4.1::windows:::::
sun	jdk	1.4.1_01	cpe:2.3:a:sun:jdk:1.4.1_01::linux:::::
sun	jdk	1.4.1_01	cpe:2.3:a:sun:jdk:1.4.1_01::solaris:::::
sun	jdk	1.4.1_01	cpe:2.3:a:sun:jdk:1.4.1_01::windows:::::
sun	jdk	1.4.1_02	cpe:2.3:a:sun:jdk:1.4.1_02::linux:::::
sun	jdk	1.4.1_02	cpe:2.3:a:sun:jdk:1.4.1_02::solaris:::::
sun	jdk	1.4.1_02	cpe:2.3:a:sun:jdk:1.4.1_02::windows:::::
sun	jdk	1.4.1_03	cpe:2.3:a:sun:jdk:1.4.1_03::linux:::::
sun	jdk	1.4.1_03	cpe:2.3:a:sun:jdk:1.4.1_03::solaris:::::
sun	jdk	1.4.1_03	cpe:2.3:a:sun:jdk:1.4.1_03::windows:::::
sun	jdk	1.4.2	cpe:2.3:a:sun:jdk:1.4.2::linux:::::
sun	jdk	1.4.2	cpe:2.3:a:sun:jdk:1.4.2::solaris:::::
sun	jdk	1.4.2	cpe:2.3:a:sun:jdk:1.4.2::windows:::::
sun	jdk	1.4.2_01	cpe:2.3:a:sun:jdk:1.4.2_01::linux:::::
sun	jdk	1.4.2_02	cpe:2.3:a:sun:jdk:1.4.2_02::linux:::::
sun	jdk	1.4.2_03	cpe:2.3:a:sun:jdk:1.4.2_03::linux:::::
sun	jdk	1.4.2_03	cpe:2.3:a:sun:jdk:1.4.2_03::solaris:::::
sun	jdk	1.4.2_03	cpe:2.3:a:sun:jdk:1.4.2_03::windows:::::
sun	jdk	1.4.2_04	cpe:2.3:a:sun:jdk:1.4.2_04::linux:::::
sun	jdk	1.4.2_04	cpe:2.3:a:sun:jdk:1.4.2_04::solaris:::::
sun	jdk	1.4.2_04	cpe:2.3:a:sun:jdk:1.4.2_04::windows:::::
sun	jdk	1.4.2_05	cpe:2.3:a:sun:jdk:1.4.2_05::linux:::::
sun	jdk	1.4.2_05	cpe:2.3:a:sun:jdk:1.4.2_05::solaris:::::
sun	jdk	1.4.2_05	cpe:2.3:a:sun:jdk:1.4.2_05::windows:::::
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0::linux:::::
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0::solaris:::::
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0::windows:::::
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update1:linux:::::*
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update2:linux:::::*
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update2:solaris:::::*
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update2:windows:::::*
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update3:linux:::::*
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update4:linux:::::*
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update4:windows:::::*
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update5:linux:::::*
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update5:solaris:::::*
sun	jre	1.3.0	cpe:2.3:a:sun:jre:1.3.0:update5:windows:::::*
sun	jre	1.3.1	cpe:2.3:a:sun:jre:1.3.1::linux:::::
sun	jre	1.3.1	cpe:2.3:a:sun:jre:1.3.1:update1:linux:::::*
sun	jre	1.3.1	cpe:2.3:a:sun:jre:1.3.1:update1:solaris:::::*
sun	jre	1.3.1	cpe:2.3:a:sun:jre:1.3.1:update1:windows:::::*
sun	jre	1.3.1	cpe:2.3:a:sun:jre:1.3.1:update1a:windows:::::*
sun	jre	1.3.1	cpe:2.3:a:sun:jre:1.3.1:update4:solaris:::::*
sun	jre	1.3.1	cpe:2.3:a:sun:jre:1.3.1:update4:windows:::::*

References for CVE-2004-1029

URL	Tags
http://jouko.iki.fi/adv/javaplugin.html
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
http://secunia.com/advisories/13271	Vendor Advisory
http://secunia.com/advisories/29035	Vendor Advisory
http://securityreason.com/securityalert/61
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1	Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1	Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21257249
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
http://www.kb.cert.org/vuls/id/760344	US Government Resource
http://www.securityfocus.com/bid/12317	Patch
http://www.vupen.com/english/advisories/2008/0599	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674

URL

CVE-2004-1029

Public exploit references (Exploit-DB) for CVE-2004-1029

Exploit prediction scoring system (EPSS) score for CVE-2004-1029

Common vulnerability scoring system (CVSS) metrics for CVE-2004-1029

Weakness enumeration for CVE-2004-1029

Affected software / configurations for CVE-2004-1029

References for CVE-2004-1029