Bugtraq mailing list archives
Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
From: Daniel Kasmeroglu <daniel.kasmeroglu () web de>
Date: 24 Aug 2001 22:58:58 -0000
During work I've found out that the combination of the Java Plugin 1.4 with the JRE 1.3 doesn't handle certificates properly. An applet signed with an outdated certificate shouldn't be able to get access to the filesystem on the client machine. However this happens when using the named combination. So my applet was able to do some filesystem operations without a valid certificate. For better bugtracking I've generated some files (HTML,JSP,Applet,Certificate) to reproduce this problem. Here you'll find these files: http://user.cs.tu-berlin.de/~raptor/SecurityFault/ Starting point is the file SecurityFault.html .If you got JBuilder a corresponding project file is included.
Current thread:
- Java Plugin 1.4 with JRE 1.3 -> Ignores certificates. Daniel Kasmeroglu (Aug 24)