National Cyber Awareness System

Vulnerability Summary for CVE-2007-5274

Overview

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2008-1856

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2008/1856/references

External Source: VUPEN

Name: ADV-2008-0609

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2008/0609

External Source: VUPEN

Name: ADV-2007-3895

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2007/3895

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2008-0010.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2008-0010.html

External Source: BID

Name: 25918

Hyperlink:http://www.securityfocus.com/bid/25918

External Source: BUGTRAQ

Name: 20071029 FLEA-2007-0061-1 sun-jre sun-jdk

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/482926/100/0/threaded

External Source: REDHAT

Name: RHSA-2008:0132

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0132.html

External Source: REDHAT

Name: RHSA-2007:1041

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-1041.html

External Source: REDHAT

Name: RHSA-2007:0963

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0963.html

External Source: SUSE

Name: SUSE-SA:2007:055

Hyperlink:http://www.novell.com/linux/security/advisories/2007_55_java.html

External Source: GENTOO

Name: GLSA-200806-11

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

External Source: GENTOO

Name: GLSA-200804-20

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

External Source: CONFIRM

Name: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

Hyperlink:http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

External Source: SUNALERT

Name: 200041

Type: Advisory

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1

External Source: SUNALERT

Name: 103078

Type: Advisory

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1

External Source: SECTRACK

Name: 1018771

Hyperlink:http://securitytracker.com/id?1018771

External Source: GENTOO

Name: GLSA-200804-28

Hyperlink:http://security.gentoo.org/glsa/glsa-200804-28.xml

External Source: SECUNIA

Name: 30780

Type: Advisory

Hyperlink:http://secunia.com/advisories/30780

External Source: SECUNIA

Name: 30676

Type: Advisory

Hyperlink:http://secunia.com/advisories/30676

External Source: SECUNIA

Name: 29897

Type: Advisory

Hyperlink:http://secunia.com/advisories/29897

External Source: SECUNIA

Name: 29858

Type: Advisory

Hyperlink:http://secunia.com/advisories/29858

External Source: SECUNIA

Name: 29042

Type: Advisory

Hyperlink:http://secunia.com/advisories/29042

External Source: SECUNIA

Name: 28880

Type: Advisory

Hyperlink:http://secunia.com/advisories/28880

External Source: SECUNIA

Name: 28777

Type: Advisory

Hyperlink:http://secunia.com/advisories/28777

External Source: SECUNIA

Name: 27804

Type: Advisory

Hyperlink:http://secunia.com/advisories/27804

External Source: SECUNIA

Name: 27716

Type: Advisory

Hyperlink:http://secunia.com/advisories/27716

External Source: SECUNIA

Name: 27693

Type: Advisory

Hyperlink:http://secunia.com/advisories/27693

External Source: SECUNIA

Name: 27261

Type: Advisory

Hyperlink:http://secunia.com/advisories/27261

External Source: SECUNIA

Name: 27206

Type: Advisory

Hyperlink:http://secunia.com/advisories/27206

External Source: OVAL

Name: oval:org.mitre.oval:def:10908

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10908

External Source: SUSE

Name: SUSE-SA:2008:025

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

External Source: HP

Name: SSRT071483

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533

External Source: HP

Name: SSRT071483

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533

External Source: BEA

Name: BEA08-198.00

Hyperlink:http://dev2dev.bea.com/pub/advisory/272

External Source: MISC

Name: http://crypto.stanford.edu/dns/dns-rebinding.pdf

Hyperlink:http://crypto.stanford.edu/dns/dns-rebinding.pdf

References to Check Content

Identifier:oval:org.mitre.oval:def:10908

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10908