CVE-2007-5273 — JDK vulnerability

8 documents5 sources

Severity

2.6LOWNVD

CNA4.0

EPSS

6.9%

top 8.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedOct 8

Latest updateMay 1

Description

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machin…

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶NVDsun/jdk1.5.0, 1.6.0+1

▶NVDsun/jre17 versions+16

▶NVDsun/sdk16 versions+15

Patches

Patch: securitytracker.com ↗Patch: sunsolve.sun.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-7mgj-mxcg-g7rv: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5↗2022-05-01

▶

CVEList

CVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5↗2007-10-08

▶

📋Vendor Advisories

Red Hat

Anti-DNS Pinning and Java Applets with Opera and Firefox↗2007-10-04

▶

Red Hat

Anti-DNS Pinning and Java Applets with HTTP proxy↗2007-07-09

▶

💬Community

Bugzilla

CVE-2007-5375 Java Multi-pin DNS rebinding allows arbitrary Javascript Execution↗2008-06-03

▶

Bugzilla

CVE-2007-5273 Anti-DNS Pinning and Java Applets with HTTP proxy↗2007-10-09

▶

Bugzilla

CVE-2007-5274 Anti-DNS Pinning and Java Applets with Opera and Firefox↗2007-10-09

▶