Java Plug-In 1.4/JRE 1.3 Expired Certificate Vulnerability

Java Plug-In is a product from Sun that allows for Java applets to be run in web browsers.

It has been reported that a vulnerability exists when Java Plug-In 1.4 is used on systems with Java Runtime Environment version 1.3 installed. Users may not be alerted by the plugin/JRE when applets have been signed with expired certificates. As a result, the user may be lead to believe that the applet is valid and allow it to be run on the local computer.

The existence of this vulnerability has not yet been confirmed by the vendor.


Privacy Statement
Copyright 2010, SecurityFocus