PT-2007-6429 · Sun · Java Virtual Machine

Published

2007-10-11

Updated

2008-11-15

CVE-2007-5375

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Sun Java Virtual Machine (JVM) (affected versions not specified)

Description: The issue is related to an interpretation conflict in the Sun Java Virtual Machine (JVM) that allows remote attackers to conduct a multi-pin DNS rebinding attack. This can lead to the execution of arbitrary JavaScript in an intranet context. The attack is possible when an intranet web server hosts an HTML document referencing a Java applet with "mayscript=true" through a local relative URI. The browser and the JVM may associate this URI with different IP addresses.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-16

Related Identifiers

CVE-2007-5375

Affected Products

Java Virtual Machine

PT-2007-6429 · Sun · Java Virtual Machine

CVE-2007-5375

Weakness Enumeration

Related Identifiers

Affected Products

References · 3