CVE-2004-2764

Name: CVE-2004-2764
Creator: NVD / NIST
Published: 2009-06-02T10:30:00.17+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.36%

Last modified Jun 16, 2026

CVE-2004-2764 is a vulnerability of currently unknown severity. Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing.". EPSS estimates a 2.36% chance of exploitation in the next 30 days.

Description

Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."

Metrics

EPSS Probability

2.36%

81.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Sun	Jre	1.4.0
Sun	Jre	1.4.0_01
Sun	Jre	1.4.0_02
Sun	Jre	1.4.0_03
Sun	Jre	1.4.0_04
Sun	Jre	1.4.1
Sun	Jre	1.4.1_01
Sun	Jre	1.4.1_02
Sun	Jre	1.4.1_03
Sun	Jre	1.4.1_04
Sun	Jre	1.4.1_05
Sun	Jre	1.4.1_06
Sun	Jre	1.4.1_07
Sun	Jre	1.4.2
Sun	Jre	1.4.2_01
Sun	Jre	1.4.2_1
Sun	Jre	1.4.2_2
Sun	Jre	1.4.2_02
Sun	Jre	1.4.2_03
Sun	Jre	1.4.2_3
Sun	Jre	1.4.2_4
Sun	Jre	1.4.2_04
Sun	Jre	1.4.2_5
Sun	Jre	1.4.2_6
Sun	Jre	1.4.2_7
Sun	Jre	1.4.2_8
Sun	Jre	1.4.2_9
Sun	Jre	1.4.2_10
Sun	Jre	1.4.2_11
Sun	Jre	1.4.2_12
Sun	Jre	1.4.2_13
Sun	Jre	1.4.2_14
Sun	Jre	1.4.2_15
Sun	Jre	1.4.2_21
Sun	Sdk	1.4.0
Sun	Sdk	1.4.0_01
Sun	Sdk	1.4.0_02
Sun	Sdk	1.4.0_03
Sun	Sdk	1.4.0_04
Sun	Sdk	1.4.1
Sun	Sdk	1.4.1_01
Sun	Sdk	1.4.1_02
Sun	Sdk	1.4.1_03
Sun	Sdk	1.4.1_04
Sun	Sdk	1.4.1_05
Sun	Sdk	1.4.1_06
Sun	Sdk	1.4.1_07
Sun	Sdk	1.4.2
Sun	Sdk	1.4.2_01
Sun	Sdk	1.4.2_02

Showing 50 of 52 affected configurations. See NVD for the full list.

References

Timeline

Published: Jun 2, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-2764?

How severe is CVE-2004-2764?

Severity scoring for CVE-2004-2764 is pending analysis. The EPSS model estimates a 2.36% probability of exploitation in the next 30 days.

How do I fix CVE-2004-2764?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-2764?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST