CVE Vulnerabilities

CVE-2007-5375

Published: Oct 11, 2007 | Modified: Nov 15, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a mayscript=true Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.

Affected Software

Name Vendor Start Version End Version
Java_virtual_machine Sun * *
Sun-java5 Ubuntu dapper *
Sun-java5 Ubuntu edgy *
Sun-java5 Ubuntu feisty *
Sun-java5 Ubuntu gutsy *
Sun-java5 Ubuntu hardy *
Sun-java5 Ubuntu intrepid *
Sun-java5 Ubuntu jaunty *
Sun-java5 Ubuntu upstream *
Sun-java6 Ubuntu devel *
Sun-java6 Ubuntu feisty *
Sun-java6 Ubuntu gutsy *
Sun-java6 Ubuntu hardy *
Sun-java6 Ubuntu intrepid *
Sun-java6 Ubuntu jaunty *
Sun-java6 Ubuntu karmic *

References