Lucene search

[email protected]CVE-2007-5274

HistoryOct 08, 2007 - 11:17 p.m.

CVE-2007-5274

2007-10-0823:17:00

[email protected]

web.nvd.nist.gov

sun java

jre

remote attackers

security model

dns rebinding

firefox

opera

cve-2007-5274

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.047 Low

EPSS

Percentile

92.7%

JSON

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.

Affected configurations

NVD

Node

mozillafirefox

operaopera_browser

AND

sunjdkRange≤1.6.0update2

sunjdkMatch1.5.0update1

sunjdkMatch1.5.0update10

sunjdkMatch1.5.0update11

sunjdkMatch1.5.0update12

sunjdkMatch1.5.0update2

sunjdkMatch1.5.0update3

sunjdkMatch1.5.0update4

sunjdkMatch1.5.0update5

sunjdkMatch1.5.0update7

sunjdkMatch1.5.0update8

sunjdkMatch1.5.0update9

sunjdkMatch1.6.0update1

sunjdkMatch1.6.0update2

sunjdkMatch6

sunjdkMatch6update_1

sunjreRange≤1.3.1update20

sunjreRange≤1.4.2update15

sunjreRange≤1.6.0update2

sunjreMatch1.3.0

sunjreMatch1.3.0update5

sunjreMatch1.3.1update1

sunjreMatch1.3.1update16

sunjreMatch1.3.1update18

sunjreMatch1.3.1update19

sunjreMatch1.3.1update1a

sunjreMatch1.4

sunjreMatch1.4.1update3

sunjreMatch1.4.2

sunjreMatch1.4.2_1

sunjreMatch1.4.2_3

sunjreMatch1.4.2_8

sunjreMatch1.4.2_9

sunjreMatch1.4.2_10

sunjreMatch1.4.2_11

sunjreMatch1.4.2_12

sunjreMatch1.4.2_13

sunjreMatch1.4.2_14

sunjreMatch1.5.0update1

sunjreMatch1.5.0update10

sunjreMatch1.5.0update11

sunjreMatch1.5.0update12

sunjreMatch1.5.0update2

sunjreMatch1.5.0update3

sunjreMatch1.5.0update4

sunjreMatch1.5.0update5

sunjreMatch1.5.0update6

sunjreMatch1.5.0update7

sunjreMatch1.5.0update8

sunjreMatch1.5.0update9

sunjreMatch1.6.0update_1

sunsdkRange≤1.3.1_20

sunsdkMatch1.3.1_01

sunsdkMatch1.3.1_01a

sunsdkMatch1.3.1_16

sunsdkMatch1.3.1_18

sunsdkMatch1.3.1_19

sunsdkMatch1.4.2

sunsdkMatch1.4.2_03

sunsdkMatch1.4.2_08

sunsdkMatch1.4.2_09

sunsdkMatch1.4.2_10

sunsdkMatch1.4.2_11

sunsdkMatch1.4.2_12

sunsdkMatch1.4.2_13

sunsdkMatch1.4.2_14

sunsdkMatch1.4.2_15

CPENameOperatorVersion
sun:jdksun jdkle1.6.0
sun:jdksun jdkeq1.5.0
sun:jdksun jdkeq6
sun:jresun jrele1.3.1
sun:jresun jrele1.4.2
sun:jresun jrele1.6.0
sun:jresun jreeq1.3.0
sun:jresun jreeq1.4
sun:jresun jreeq1.4.1
sun:jresun jreeq1.4.2_1

CPE	Name	Operator	Version
sun:jdk	sun jdk	le	1.6.0
sun:jdk	sun jdk	eq	1.5.0
sun:jdk	sun jdk	eq	6
sun:jre	sun jre	le	1.3.1
sun:jre	sun jre	le	1.4.2
sun:jre	sun jre	le	1.6.0
sun:jre	sun jre	eq	1.3.0
sun:jre	sun jre	eq	1.4
sun:jre	sun jre	eq	1.4.1
sun:jre	sun jre	eq	1.4.2_1