CVE-2007-5273

Severity

26%

Complexity

49%

Confidentiality

48%

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N).

Overview

First reported 17 years ago

2007-10-08 23:17:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 5.0 Update12

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun J2RE 1.3.0

1.3.0

Sun J2RE 1.3.0_05

1.3.0

Sun JRE 1.3.1_01

1.3.1

Sun JRE 1.3.1_16

1.3.1

Sun JRE 1.3.1_18

1.3.1

Sun JRE 1.3.1_19

1.3.1

Sun JRE 1.3.1_01a

1.3.1

Sun JRE 1.3.1_20

1.3.1

JRE 1.4.1_03

1.4.1

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun SDK 1.3.1_01

1.3.1_01

Sun SDK 1.3.1_01a

1.3.1_01a

Sun SDK 1.3.1_16

1.3.1_16

Sun SDK 1.3.1_18

1.3.1_18

Sun SDK 1.3.1_19

1.3.1_19

Sun SDK 1.3.1_20

1.3.1_20

SDK 1.4.2

1.4.2

SDK 1.4.2_03

1.4.2_03

Sun SDK 1.4.2_08

1.4.2_08

Sun SDK 1.4.2_09

1.4.2_09

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun SDK 1.4.2_13

1.4.2_13

Sun SDK 1.4.2_14

1.4.2_14

Sun SDK 1.4.2_15

1.4.2_15

References

http://crypto.stanford.edu/dns/dns-rebinding.pdf

BEA08-198.00

HPSBUX02284

SUSE-SA:2008:025

45527

20070709 Anti-DNS Pinning and Java Applets

27206

Vendor Advisory

27261

Vendor Advisory

27693

Vendor Advisory

27716

Vendor Advisory

27804

Vendor Advisory

28777

Vendor Advisory

28880

Vendor Advisory

29042

Vendor Advisory

29214

Vendor Advisory

29340

Vendor Advisory

29858

Vendor Advisory

29897

Vendor Advisory

30780

Vendor Advisory

GLSA-200804-28

1018771

Patch

103078

Patch, Vendor Advisory

200041

Vendor Advisory

http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

GLSA-200804-20

GLSA-200806-11

SUSE-SA:2007:055

RHSA-2007:0963

RHSA-2007:1041

RHSA-2008:0100

RHSA-2008:0132

RHSA-2008:0156

20071029 FLEA-2007-0061-1 sun-jre sun-jdk

25918

ADV-2007-3895

Vendor Advisory

ADV-2008-0609

Vendor Advisory

oval:org.mitre.oval:def:10340

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.