CVE-2007-5375

EPSS 0.42%
Published 11.10.2007 10:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Java Virtual Machine

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.61

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://crypto.stanford.edu/dns/dns-rebinding.pdf

http://osvdb.org/40930

https://nvd.nist.gov/vuln/detail/CVE-2007-5375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5375

EUVD