2.6

CVE-2007-5273

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJdk Version1.5.0 Updateupdate1
SunJdk Version1.5.0 Updateupdate10
SunJdk Version1.5.0 Updateupdate11
SunJdk Version1.5.0 Updateupdate12
SunJdk Version1.5.0 Updateupdate2
SunJdk Version1.5.0 Updateupdate3
SunJdk Version1.5.0 Updateupdate4
SunJdk Version1.5.0 Updateupdate5
SunJdk Version1.5.0 Updateupdate7
SunJdk Version1.5.0 Updateupdate8
SunJdk Version1.5.0 Updateupdate9
SunJdk Version1.6.0 Updateupdate1
SunJdk Version1.6.0 Updateupdate2
SunJre Version1.3.0
SunJre Version1.3.0 Updateupdate5
SunJre Version1.3.1 Updateupdate1
SunJre Version1.3.1 Updateupdate16
SunJre Version1.3.1 Updateupdate18
SunJre Version1.3.1 Updateupdate19
SunJre Version1.3.1 Updateupdate1a
SunJre Version1.3.1 Updateupdate20
SunJre Version1.4
SunJre Version1.4.1 Updateupdate3
SunJre Version1.4.2
SunJre Version1.4.2_1
SunJre Version1.4.2_3
SunJre Version1.4.2_8
SunJre Version1.4.2_9
SunJre Version1.4.2_10
SunJre Version1.4.2_11
SunJre Version1.4.2_12
SunJre Version1.4.2_13
SunJre Version1.4.2_14
SunJre Version1.4.2_15
SunJre Version1.5.0 Updateupdate1
SunJre Version1.5.0 Updateupdate10
SunJre Version1.5.0 Updateupdate11
SunJre Version1.5.0 Updateupdate12
SunJre Version1.5.0 Updateupdate2
SunJre Version1.5.0 Updateupdate3
SunJre Version1.5.0 Updateupdate4
SunJre Version1.5.0 Updateupdate5
SunJre Version1.5.0 Updateupdate6
SunJre Version1.5.0 Updateupdate7
SunJre Version1.5.0 Updateupdate8
SunJre Version1.5.0 Updateupdate9
SunJre Version1.6.0 Updateupdate_1
SunJre Version1.6.0 Updateupdate_2
SunSdk Version1.3.1_01
SunSdk Version1.3.1_01a
SunSdk Version1.3.1_16
SunSdk Version1.3.1_18
SunSdk Version1.3.1_19
SunSdk Version1.3.1_20
SunSdk Version1.4.2
SunSdk Version1.4.2_03
SunSdk Version1.4.2_08
SunSdk Version1.4.2_09
SunSdk Version1.4.2_10
SunSdk Version1.4.2_11
SunSdk Version1.4.2_12
SunSdk Version1.4.2_13
SunSdk Version1.4.2_14
SunSdk Version1.4.2_15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.68% 0.838
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/29858
Vendor Advisory
http://secunia.com/advisories/30780
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://secunia.com/advisories/29340
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0100.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
http://secunia.com/advisories/27716
Vendor Advisory
http://secunia.com/advisories/28777
Vendor Advisory
http://secunia.com/advisories/28880
Vendor Advisory
http://secunia.com/advisories/29897
Vendor Advisory
http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
http://www.redhat.com/support/errata/RHSA-2008-0132.html
http://dev2dev.bea.com/pub/advisory/272
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
http://secunia.com/advisories/27206
Vendor Advisory
http://secunia.com/advisories/27261
Vendor Advisory
http://secunia.com/advisories/27693
Vendor Advisory
http://secunia.com/advisories/27804
Vendor Advisory
http://secunia.com/advisories/29042
Vendor Advisory
http://secunia.com/advisories/29214
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_55_java.html
http://www.redhat.com/support/errata/RHSA-2007-0963.html
http://www.redhat.com/support/errata/RHSA-2007-1041.html
http://www.redhat.com/support/errata/RHSA-2008-0156.html
http://www.securityfocus.com/archive/1/482926/100/0/threaded
http://www.securityfocus.com/bid/25918
http://www.vupen.com/english/advisories/2007/3895
Vendor Advisory
http://www.vupen.com/english/advisories/2008/0609
Vendor Advisory
http://crypto.stanford.edu/dns/dns-rebinding.pdf
http://osvdb.org/45527
http://seclists.org/fulldisclosure/2007/Jul/0159.html
http://securitytracker.com/id?1018771
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1
Patch
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340