National Cyber Awareness System

Vulnerability Summary for CVE-2007-5273

Overview

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: SUNALERT

Name: 103078

Type: Advisory; Patch Information

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1

External Source: SECTRACK

Name: 1018771

Type: Patch Information

Hyperlink:http://securitytracker.com/id?1018771

External Source: VUPEN

Name: ADV-2008-0609

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2008/0609

External Source: VUPEN

Name: ADV-2007-3895

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2007/3895

External Source: BID

Name: 25918

Hyperlink:http://www.securityfocus.com/bid/25918

External Source: BUGTRAQ

Name: 20071029 FLEA-2007-0061-1 sun-jre sun-jdk

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/482926/100/0/threaded

External Source: REDHAT

Name: RHSA-2008:0156

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0156.html

External Source: REDHAT

Name: RHSA-2008:0132

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0132.html

External Source: REDHAT

Name: RHSA-2008:0100

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0100.html

External Source: REDHAT

Name: RHSA-2007:1041

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-1041.html

External Source: REDHAT

Name: RHSA-2007:0963

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0963.html

External Source: SUSE

Name: SUSE-SA:2007:055

Hyperlink:http://www.novell.com/linux/security/advisories/2007_55_java.html

External Source: GENTOO

Name: GLSA-200806-11

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

External Source: GENTOO

Name: GLSA-200804-20

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

External Source: CONFIRM

Name: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

Hyperlink:http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

External Source: SUNALERT

Name: 200041

Type: Advisory

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1

External Source: GENTOO

Name: GLSA-200804-28

Hyperlink:http://security.gentoo.org/glsa/glsa-200804-28.xml

External Source: SECUNIA

Name: 30780

Type: Advisory

Hyperlink:http://secunia.com/advisories/30780

External Source: SECUNIA

Name: 29897

Type: Advisory

Hyperlink:http://secunia.com/advisories/29897

External Source: SECUNIA

Name: 29858

Type: Advisory

Hyperlink:http://secunia.com/advisories/29858

External Source: SECUNIA

Name: 29340

Type: Advisory

Hyperlink:http://secunia.com/advisories/29340

External Source: SECUNIA

Name: 29214

Type: Advisory

Hyperlink:http://secunia.com/advisories/29214

External Source: SECUNIA

Name: 29042

Type: Advisory

Hyperlink:http://secunia.com/advisories/29042

External Source: SECUNIA

Name: 28880

Type: Advisory

Hyperlink:http://secunia.com/advisories/28880

External Source: SECUNIA

Name: 28777

Type: Advisory

Hyperlink:http://secunia.com/advisories/28777

External Source: SECUNIA

Name: 27804

Type: Advisory

Hyperlink:http://secunia.com/advisories/27804

External Source: SECUNIA

Name: 27716

Type: Advisory

Hyperlink:http://secunia.com/advisories/27716

External Source: SECUNIA

Name: 27693

Type: Advisory

Hyperlink:http://secunia.com/advisories/27693

External Source: SECUNIA

Name: 27261

Type: Advisory

Hyperlink:http://secunia.com/advisories/27261

External Source: SECUNIA

Name: 27206

Type: Advisory

Hyperlink:http://secunia.com/advisories/27206

External Source: FULLDISC

Name: 20070709 Anti-DNS Pinning and Java Applets

Hyperlink:http://seclists.org/fulldisclosure/2007/Jul/0159.html

External Source: OVAL

Name: oval:org.mitre.oval:def:10340

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10340

External Source: OSVDB

Name: 45527

Hyperlink:http://osvdb.org/45527

External Source: SUSE

Name: SUSE-SA:2008:025

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

External Source: HP

Name: HPSBUX02284

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533

External Source: HP

Name: SSRT071483

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533

External Source: BEA

Name: BEA08-198.00

Hyperlink:http://dev2dev.bea.com/pub/advisory/272

External Source: MISC

Name: http://crypto.stanford.edu/dns/dns-rebinding.pdf

Hyperlink:http://crypto.stanford.edu/dns/dns-rebinding.pdf

References to Check Content

Identifier:oval:org.mitre.oval:def:10340

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10340