Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2007-5273
HistoryOct 08, 2007 - 11:17 p.m.

CVE-2007-5273

2007-10-0823:17:00
[email protected]
web.nvd.nist.gov
34
cve-2007-5273
sun java
jre
jdk
http proxy server
security model
applet
dns rebinding attack

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.047 Low

EPSS

Percentile

92.7%

JSON

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet’s outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet’s socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.

Affected configurations

NVD
Node
sunjdkMatch1.5.0update1
OR
sunjdkMatch1.5.0update10
OR
sunjdkMatch1.5.0update11
OR
sunjdkMatch1.5.0update12
OR
sunjdkMatch1.5.0update2
OR
sunjdkMatch1.5.0update3
OR
sunjdkMatch1.5.0update4
OR
sunjdkMatch1.5.0update5
OR
sunjdkMatch1.5.0update7
OR
sunjdkMatch1.5.0update8
OR
sunjdkMatch1.5.0update9
OR
sunjdkMatch1.6.0update1
OR
sunjdkMatch1.6.0update2
OR
sunjreMatch1.3.0
OR
sunjreMatch1.3.0update5
OR
sunjreMatch1.3.1update1
OR
sunjreMatch1.3.1update16
OR
sunjreMatch1.3.1update18
OR
sunjreMatch1.3.1update19
OR
sunjreMatch1.3.1update1a
OR
sunjreMatch1.3.1update20
OR
sunjreMatch1.4
OR
sunjreMatch1.4.1update3
OR
sunjreMatch1.4.2
OR
sunjreMatch1.4.2_1
OR
sunjreMatch1.4.2_3
OR
sunjreMatch1.4.2_8
OR
sunjreMatch1.4.2_9
OR
sunjreMatch1.4.2_10
OR
sunjreMatch1.4.2_11
OR
sunjreMatch1.4.2_12
OR
sunjreMatch1.4.2_13
OR
sunjreMatch1.4.2_14
OR
sunjreMatch1.4.2_15
OR
sunjreMatch1.5.0update1
OR
sunjreMatch1.5.0update10
OR
sunjreMatch1.5.0update11
OR
sunjreMatch1.5.0update12
OR
sunjreMatch1.5.0update2
OR
sunjreMatch1.5.0update3
OR
sunjreMatch1.5.0update4
OR
sunjreMatch1.5.0update5
OR
sunjreMatch1.5.0update6
OR
sunjreMatch1.5.0update7
OR
sunjreMatch1.5.0update8
OR
sunjreMatch1.5.0update9
OR
sunjreMatch1.6.0update_1
OR
sunjreMatch1.6.0update_2
OR
sunsdkMatch1.3.1_01
OR
sunsdkMatch1.3.1_01a
OR
sunsdkMatch1.3.1_16
OR
sunsdkMatch1.3.1_18
OR
sunsdkMatch1.3.1_19
OR
sunsdkMatch1.3.1_20
OR
sunsdkMatch1.4.2
OR
sunsdkMatch1.4.2_03
OR
sunsdkMatch1.4.2_08
OR
sunsdkMatch1.4.2_09
OR
sunsdkMatch1.4.2_10
OR
sunsdkMatch1.4.2_11
OR
sunsdkMatch1.4.2_12
OR
sunsdkMatch1.4.2_13
OR
sunsdkMatch1.4.2_14
OR
sunsdkMatch1.4.2_15

References

Related

cvelist 3
prion 3
ubuntucve 3
nvd 3
cve 2
securityvulns 1
redhat 5
nessus 22
openvas 24
suse 2
freebsd 1
cert 1
gentoo 1
vmware 2
rosalinux 1
cvelist
cvelist
CVE-2007-5273
2007-10-08 23:00:00
CVE-2007-5274
2007-10-08 23:00:00
CVE-2007-5232
2007-10-05 23:00:00
prion
prion
Design/Logic Flaw
2007-10-08 23:17:00
Code injection
2007-10-08 23:17:00
Code injection
2007-10-05 23:17:00
ubuntucve
ubuntucve
CVE-2007-5274
2007-10-08 00:00:00
CVE-2007-5273
2007-10-08 00:00:00
CVE-2007-5232
2007-10-05 00:00:00
nvd
nvd
CVE-2007-5274
2007-10-08 23:17:00
CVE-2007-5273
2007-10-08 23:17:00
CVE-2007-5232
2007-10-05 23:17:00
cve
cve
CVE-2007-5274
2007-10-08 23:17:00
CVE-2007-5232
2007-10-05 23:17:00
securityvulns
securityvulns
Sun Java JRE / JDK multiple security vulnerabilities
2007-10-30 00:00:00
redhat
redhat
(RHSA-2007:1041) Important: java-1.5.0-ibm security update
2007-11-26 00:00:00
(RHSA-2007:0963) Important: java-1.5.0-sun security update
2007-10-12 00:00:00
(RHSA-2008:0156) Moderate: java-1.5.0-bea security update
2008-03-05 00:00:00
nessus
nessus
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:1041)
2009-08-24 00:00:00
RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)
2009-08-24 00:00:00
RHEL 5 : java-1.5.0-bea (RHSA-2008:0156)
2009-08-24 00:00:00
openvas
openvas
SLES9: Security update for Sun Java 2
2009-10-10 00:00:00
SLES9: Security update for Sun Java 2
2009-10-10 00:00:00
SuSE Update for Sun Java SUSE-SA:2007:055
2009-01-28 00:00:00
suse
suse
remote code execution in Sun Java
2007-10-17 16:49:13
remote code execution in IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm
2008-04-25 14:46:33
freebsd
freebsd
jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented
2007-10-03 00:00:00
cert
cert
Sun Java JRE vulnerable to unauthorized network access
2007-10-05 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2008-04-17 00:00:00
vmware
vmware
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2370
2024-03-12 08:35:15

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.047 Low

EPSS

Percentile

92.7%

JSON
Related for CVE-2007-5273
cvelist3prion3ubuntucve3nvd3cve2securityvulns1redhat5nessus22openvas24suse2freebsd1cert1gentoo1vmware2rosalinux1