CVE-2007-5274JDK vulnerability

8 documents5 sources
Severity
2.6LOWNVD
CNA4.0
EPSS
5.1%
top 10.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SUN JDKSUN JRESUN SDK
Timeline
PublishedOct 8
Latest updateMay 1

Description

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

NVDsun/jdk1.6.0+3
NVDsun/jre1.3.1+18
NVDsun/sdk1.3.1_20+15

🔴Vulnerability Details

2
GHSA
GHSA-8686-7jv2-5qvr: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 52022-05-01
CVEList
CVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 52007-10-08

📋Vendor Advisories

2
Red Hat
Anti-DNS Pinning and Java Applets with Opera and Firefox2007-10-04
Red Hat
Anti-DNS Pinning and Java Applets with HTTP proxy2007-07-09

💬Community

3
Bugzilla
CVE-2007-5375 Java Multi-pin DNS rebinding allows arbitrary Javascript Execution2008-06-03
Bugzilla
CVE-2007-5274 Anti-DNS Pinning and Java Applets with Opera and Firefox2007-10-09
Bugzilla
CVE-2007-5273 Anti-DNS Pinning and Java Applets with HTTP proxy2007-10-09
CVE-2007-5274 — SUN JDK vulnerability | cvebase