Lucene search

[email protected]CVE-2007-3922

HistoryJul 21, 2007 - 12:30 a.m.

CVE-2007-3922

2007-07-2100:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3922

java

runtime environment

jre

applet

class loader

sun jdk

jre 5.0

security vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet’s outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

Affected configurations

NVD

Node

sunjdkRange≤1.5.0update9

sunjdkRange≤1.6.0update1

sunjreRange≤1.5.0update11

sunjreRange≤1.6.0update1

sunsdkRange≤1.4.2_14

CPENameOperatorVersion
sun:jdksun jdkle1.5.0
sun:jdksun jdkle1.6.0
sun:jresun jrele1.5.0
sun:jresun jrele1.6.0
sun:sdksun sdkle1.4.2_14

CPE	Name	Operator	Version
sun:jdk	sun jdk	le	1.5.0
sun:jdk	sun jdk	le	1.6.0
sun:jre	sun jre	le	1.5.0
sun:jre	sun jre	le	1.6.0
sun:sdk	sun sdk	le	1.4.2_14

References

dev2dev.bea.com/pub/advisory/248

docs.info.apple.com/article.html?artnum=307177

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450

lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

secunia.com/advisories/26314

secunia.com/advisories/26369

secunia.com/advisories/26631

secunia.com/advisories/26645

secunia.com/advisories/26933

secunia.com/advisories/27266

secunia.com/advisories/27635

secunia.com/advisories/28115

secunia.com/advisories/30805

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841

sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1

support.avaya.com/elmodocs2/security/ASA-2007-322.htm

www.gentoo.org/security/en/glsa/glsa-200709-15.xml

www.novell.com/linux/security/advisories/2007_56_ibmjava.html

www.redhat.com/support/errata/RHSA-2007-0818.html

www.redhat.com/support/errata/RHSA-2007-0829.html

www.redhat.com/support/errata/RHSA-2008-0133.html

www.securityfocus.com/bid/25054

www.securitytracker.com/id?1018428

www.vupen.com/english/advisories/2007/2573

www.vupen.com/english/advisories/2007/3009

www.vupen.com/english/advisories/2007/3861

www.vupen.com/english/advisories/2007/4224

exchange.xforce.ibmcloud.com/vulnerabilities/35491

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for CVE-2007-3922

openvas10 ubuntucve1 nvd1 prion1 cvelist1 nessus16 redhat3 suse1 gentoo1 f52