CVE-2007-3922 — JDK vulnerability

5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

4.1%

top 11.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedJul 21

Latest updateMay 1

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDsun/jdk1.5.0+1

▶NVDsun/jre1.5.0+1

▶NVDsun/sdk1.4.2_14

🔴Vulnerability Details

GHSA

GHSA-c2xh-7j87-6j25: Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5↗2022-05-01

▶

CVEList

CVE-2007-3922: Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5↗2007-07-21

▶

📋Vendor Advisories

Red Hat

Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions↗2007-07-18

▶

💬Community

Bugzilla

CVE-2007-3922 Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions↗2007-07-25

▶