fkie_cve-2007-5274
Vulnerability from fkie_nvd
Published
2007-10-08 23:17
Modified
2025-04-09 00:30
Severity ?
Summary
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
References
cve@mitre.orghttp://crypto.stanford.edu/dns/dns-rebinding.pdf
cve@mitre.orghttp://dev2dev.bea.com/pub/advisory/272
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
cve@mitre.orghttp://secunia.com/advisories/27206Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27261Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27693Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27716Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27804Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28777Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28880Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/29042Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/29858Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/29897Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30676Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30780Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200804-28.xml
cve@mitre.orghttp://securitytracker.com/id?1018771
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1Vendor Advisory
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1Vendor Advisory
cve@mitre.orghttp://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_55_java.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0963.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-1041.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0132.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/482926/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/25918
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2008-0010.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3895Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0609Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1856/referencesVendor Advisory
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10908
af854a3a-2127-422b-91ae-364da2661108http://crypto.stanford.edu/dns/dns-rebinding.pdf
af854a3a-2127-422b-91ae-364da2661108http://dev2dev.bea.com/pub/advisory/272
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27206Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27261Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27693Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27716Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27804Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28777Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28880Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29042Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29858Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29897Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30676Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30780Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200804-28.xml
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1018771
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_55_java.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0963.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-1041.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0132.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482926/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25918
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0010.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3895Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0609Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1856/referencesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10908
Impacted products
Vendor Product Version
mozilla firefox *
opera opera_browser *
sun jdk *
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.5.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 6
sun jdk 6
sun jre *
sun jre *
sun jre *
sun jre 1.3.0
sun jre 1.3.0
sun jre 1.3.1
sun jre 1.3.1
sun jre 1.3.1
sun jre 1.3.1
sun jre 1.3.1
sun jre 1.4
sun jre 1.4.1
sun jre 1.4.2
sun jre 1.4.2_1
sun jre 1.4.2_3
sun jre 1.4.2_8
sun jre 1.4.2_9
sun jre 1.4.2_10
sun jre 1.4.2_11
sun jre 1.4.2_12
sun jre 1.4.2_13
sun jre 1.4.2_14
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.5.0
sun jre 1.6.0
sun sdk *
sun sdk 1.3.1_01
sun sdk 1.3.1_01a
sun sdk 1.3.1_16
sun sdk 1.3.1_18
sun sdk 1.3.1_19
sun sdk 1.4.2
sun sdk 1.4.2_03
sun sdk 1.4.2_08
sun sdk 1.4.2_09
sun sdk 1.4.2_10
sun sdk 1.4.2_11
sun sdk 1.4.2_12
sun sdk 1.4.2_13
sun sdk 1.4.2_14
sun sdk 1.4.2_15



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D89F03D-7980-4385-8EE1-30A1B70EE257",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jdk:*:update2:*:*:*:*:*:*",
              "matchCriteriaId": "03E4E4BB-0526-42F9-9649-F10AEB4EBFE5",
              "versionEndIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "EE8E883F-E13D-4FB0-8C6F-B7628600E8D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "2AADA633-EB11-49A0-8E40-66589034F03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "19DC29C5-1B9F-46DF-ACF6-3FF93E45777D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "B120F7D9-7C1E-4716-B2FA-2990D449F754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "28BE548B-DD0C-4C58-98CA-5B803F04F9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "5F8E9AA0-8907-4B1A-86A1-08568195217D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "A337AD31-4566-4A4E-AFF3-7EAECD5C90F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "0754AFDC-2F1C-4C06-AB46-457B5E610029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "DC0ABF7A-107B-4B97-9BD7-7B0CEDAAF359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "A5DA4242-30D9-44C8-9D0D-877348FFA22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "C61C6043-99D0-4F36-AF84-1A5F90B895EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "AD30DAEB-4893-41CF-A455-B69C463B9337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1264A513-5AE3-4F0E-8387-1F75EBAEA241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "9C9F6EA8-6A88-4485-89A3-0FDF84AB51DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update20:*:*:*:*:*:*",
              "matchCriteriaId": "A0B96904-0648-4A25-8A0D-6CD078748857",
              "versionEndIncluding": "1.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update15:*:*:*:*:*:*",
              "matchCriteriaId": "1D07A979-1ECC-4F1F-A7A0-F00FC7422CED",
              "versionEndIncluding": "1.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update2:*:*:*:*:*:*",
              "matchCriteriaId": "D64D8A64-7079-403A-81BF-9D518E4A7752",
              "versionEndIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAB87D43-2860-43DD-94EE-886D7D75A351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "A06743B3-2637-47C2-BD1A-28D9F584ED75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*",
              "matchCriteriaId": "F7F1CF2B-F0B6-45DD-88E1-C0BDF2B973BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update16:*:*:*:*:*:*",
              "matchCriteriaId": "FD3AC618-7B66-4167-ABE5-87BE6907FB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update18:*:*:*:*:*:*",
              "matchCriteriaId": "2B0EAF17-18D3-45F2-9B6F-66BEC0F49FB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update19:*:*:*:*:*:*",
              "matchCriteriaId": "5F861B32-B878-4DFC-A9D1-350B1013AA1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*",
              "matchCriteriaId": "04FB9247-7DB5-46A1-9E99-C25A729FB5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73559DD-54B4-4DF2-81BC-9109DB29DCCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.1:update3:*:*:*:*:*:*",
              "matchCriteriaId": "58FC43CA-1F08-4A4B-838B-840838BC67FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63978872-E797-4F13-B0F9-98CB67D0962A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EEAB662-644A-4D7B-8237-64142CF48724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BED1009E-AE60-43A0-A0F5-38526EFCF423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D102063B-2434-4141-98E7-2DE501AE1728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B8CD03-CD31-4F4D-BA90-59435578A4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A994BF-1F64-480A-8AA5-748DDD0AB68C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*",
              "matchCriteriaId": "88519F2D-AD06-4F05-BEDA-A09216F1B481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC728978-368D-4B36-B149-70473E92BD1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5187B1-CB86-48E8-A595-9FCFD9822C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C660DE4-543A-4E9B-825D-CD099D08CBD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC09E8-7F30-4FE4-912E-588AA250E2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "9919D091-73D7-465A-80FF-F37D6CAF9F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "02565D6F-4CB2-4671-A4EF-3169BCFA6154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "7EA5B9E9-654D-44F7-AE98-3D8B382804AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "44051CFE-D15D-4416-A123-F3E49C67A9E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "F296ACF3-1373-429D-B991-8B5BA704A7EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "B863420B-DE16-416A-9640-1A1340A9B855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "724C972F-74FE-4044-BBC4-7E0E61FC9002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "EBE909DE-E55A-4BD3-A5BF-ADE407432193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "5DAC04D2-68FD-4793-A8E7-4690A543D7D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBB8C5E3-C70C-46F6-897C-AB8D6470800E",
              "versionEndIncluding": "1.3.1_20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "34710306-D6CF-4D07-84BF-71A8839BE416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B93DC8-6375-4B41-B9BC-F22F592C56B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*",
              "matchCriteriaId": "A053DEF6-1317-4DA8-91D7-E1970DA62351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB0605FF-3DDC-4F3A-8171-F3A447E9C292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*",
              "matchCriteriaId": "801FF3B4-0729-4710-BFC2-4B078029944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "002CA86D-3090-4C7A-947A-21CB5D1ADD98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A3D49A-BE20-47BF-A85F-122357BAB098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD02EBDF-6E51-4538-9EDD-B1DE914D09C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C3C0E3-5F40-412B-A4AD-A7A291DE2A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*",
              "matchCriteriaId": "36888382-79C8-4C97-A654-C668CD68556F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*",
              "matchCriteriaId": "F34C99E6-F9F0-4EF3-8601-B47EAE3D7273",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A74DD08D-CEDB-460E-BED5-78F6CAF18BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60560EC-6DBD-4A17-BFFA-FAD9193A0BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F64FBC-DC97-4FE3-A235-18B87945AF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*",
              "matchCriteriaId": "85048406-9051-4E69-94A8-5C449F3B89E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.  NOTE: this is similar to CVE-2007-5232."
    },
    {
      "lang": "es",
      "value": "Sun Java Runtime Environment (JRE) en JDK y JRE versi\u00f3n 6 Update 2 y anteriores, JDK y JRE versi\u00f3n 5.0 Update 12 y anteriores, SDK y JRE versi\u00f3n 1.4.2_15 y anteriores, y SDK y JRE versi\u00f3n 1.3.1_20 y anteriores, cuando Firefox u Opera son usados, permite a los atacantes remotos violar el modelo de seguridad para las conexiones salientes de JavaScript por medio de un ataque de reconexi\u00f3n de DNS de m\u00faltiples pines dependiente de la API LiveConnect, en la que la descarga JavaScript depende de la resoluci\u00f3n DNS del navegador, pero las operaciones socket de JavaScript se basan en una resoluci\u00f3n DNS separada por una m\u00e1quina virtual Java (JVM), un problema diferente al CVE-2007-5273. NOTA: este es igual al CVE-2007-5232."
    }
  ],
  "id": "CVE-2007-5274",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-10-08T23:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://dev2dev.bea.com/pub/advisory/272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27206"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27261"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27693"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27716"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27804"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28777"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28880"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29042"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29858"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29897"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30676"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30780"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018771"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25918"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3895"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0609"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1856/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev2dev.bea.com/pub/advisory/272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1856/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10908"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…