Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5375

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2007-5375
Last Modified 15 Nov 2008 02:00:47
Published 11 Oct 2007 06:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2007-5375

Summary

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.

Vulnerable Systems

Application

  • Sun Java Virtual Machine


References

OSVDB - 40930

MISC - http://crypto.stanford.edu/dns/dns-rebinding.pdf


Last Updated: 27 May 2016 10:46:09