COMMAND

    JRE

SYSTEMS AFFECTED

    Java Plugin 1.4 with JRE 1.3

PROBLEM

    Daniel Kasmeroglu found the following.  During his work he found
    that the combination of the Java Plugin 1.4 with the JRE 1.3 does
    not handle certificates properly.  An applet signed with an
    outdated certificate should not be able to get access to the
    filesystem on the client machine.  With the named combination,
    however, it does: his applet was able to perform filesystem
    operations without a valid certificate.  To make the bug easier
    to track, Daniel generated a set of files (HTML, JSP, Applet,
    Certificate) that reproduce the problem.

    The files are available here:

        http://user.cs.tu-berlin.de/~raptor/SecurityFault/

    The starting point is the file SecurityFault.html.  If you have
    JBuilder, a corresponding project file is included.
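
    The check that the plugin should be enforcing can be run by hand
    against any signed applet JAR.  The following is an added example,
    not part of the original advisory or of Daniel's test files; the
    class name SignerValidityCheck is hypothetical, "outdated" is
    assumed to mean outside the certificate's validity period, and the
    code needs a current JDK (Java 7 or later).

```java
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class SignerValidityCheck {
    // Returns true only if every class/resource entry is signed and every
    // signer certificate is inside its validity period at 'when'.
    static boolean signersValidAt(String jarPath, Date when) throws Exception {
        boolean ok = true;
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) {   // true = verify signatures
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signer certificates are only populated once the entry has been
                // read to the end; a tampered entry raises SecurityException here.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                Certificate[] certs = e.getCertificates();
                if (certs == null) {
                    System.out.println("UNSIGNED  " + e.getName());
                    ok = false;
                    continue;
                }
                for (Certificate c : certs) {
                    if (!(c instanceof X509Certificate)) continue;
                    X509Certificate x = (X509Certificate) c;
                    try {
                        x.checkValidity(when);   // expired or not yet valid -> exception
                    } catch (CertificateException ex) {
                        System.out.println("INVALID   " + e.getName() + "  "
                                + x.getSubjectX500Principal() + "  notAfter=" + x.getNotAfter());
                        ok = false;
                    }
                }
            }
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the signed JAR to inspect (supplied by the user)
        System.exit(signersValidAt(args[0], new Date()) ? 0 : 1);
    }
}
```

    The program exits non-zero when any entry is unsigned or any
    signer certificate is outside its validity period, so it can gate
    deployment of an applet JAR.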

SOLUTION

    Nothing yet.