CVE-2007-5274

 

Published at: - 09-10-2007 01:17

Last modified: - 06-10-2022 02:13

Total changes: - 2

Description

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:H/Au:N/C:N/I:P/A:N

 

Verification logic

 

Reference

• http://crypto.stanford.edu/dns/dns-rebinding.pdf
• 103078-Vendor Advisory
• 1018771-
• http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
• RHSA-2007:0963-
• RHSA-2007:1041-
• SUSE-SA:2007:055-
• 25918-
• 27206-Vendor Advisory
• 27261-Vendor Advisory
• 27716-Vendor Advisory
• 27693-Vendor Advisory
• 27804-Vendor Advisory
• 28777-Vendor Advisory
• BEA08-198.00-
• RHSA-2008:0132-
• 28880-Vendor Advisory
• 29042-Vendor Advisory
• 200041-Vendor Advisory
• GLSA-200804-20-
• SUSE-SA:2008:025-
• 29858-Vendor Advisory
• GLSA-200804-28-
• 29897-Vendor Advisory
• 30780-Vendor Advisory
• 30676-Vendor Advisory
• http://www.vmware.com/security/advisories/VMSA-2008-0010.html
• GLSA-200806-11-
• ADV-2008-0609-Vendor Advisory
• ADV-2008-1856-Vendor Advisory
• ADV-2007-3895-Vendor Advisory
• HPSBUX02284-
• oval:org.mitre.oval:def:10908-
• 20071029 FLEA-2007-0061-1 sun-jre sun-jdk-

 

Keywords

NVD

 

CVE-2007-5274

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures