CVE-2007-5274

Loading...

General

Score:2.6/10.0
Severity:Low
Category:N/A

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:High
Authentication:None

Relative vulnerabilities

CVE-2007-3698, CVE-2007-4381, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5273, CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-5689, CVE-2007-6286, CVE-2008-0657, CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196

Published on 09/10/07 - Updated on 30/10/18

Description

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2007-5274
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2007-AVI-440
Redhat RHSA-2008:0132
Renater 2007/VULN539, 2008/VULN049, 2008/VULN218

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
sunjdk
sunjre
sunsdk

Share this vulnerability with:

Twitter Facebook LinkedIn Mail