CVE - CVE-2007-5232

CVE-ID
CVE-2007-5232	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2007-12-14 URL:http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html BEA:BEA08-198.00 URL:http://dev2dev.bea.com/pub/advisory/272 BID:25918 URL:http://www.securityfocus.com/bid/25918 BUGTRAQ:20071029 FLEA-2007-0061-1 sun-jre sun-jdk URL:http://www.securityfocus.com/archive/1/482926/100/0/threaded CERT-VN:VU#336105 URL:http://www.kb.cert.org/vuls/id/336105 CONFIRM:http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0010.html GENTOO:GLSA-200804-20 URL:http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml GENTOO:GLSA-200804-28 URL:http://security.gentoo.org/glsa/glsa-200804-28.xml GENTOO:GLSA-200806-11 URL:http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml HP:HPSBUX02284 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 HP:SSRT071483 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 MISC:http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 MISC:http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf MISC:http://docs.info.apple.com/article.html?artnum=307177 OVAL:oval:org.mitre.oval:def:9331 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331 REDHAT:RHSA-2007:0963 URL:http://www.redhat.com/support/errata/RHSA-2007-0963.html REDHAT:RHSA-2007:1041 URL:http://www.redhat.com/support/errata/RHSA-2007-1041.html REDHAT:RHSA-2008:0100 URL:http://www.redhat.com/support/errata/RHSA-2008-0100.html REDHAT:RHSA-2008:0132 URL:http://www.redhat.com/support/errata/RHSA-2008-0132.html REDHAT:RHSA-2008:0156 URL:http://www.redhat.com/support/errata/RHSA-2008-0156.html SECTRACK:1018768 URL:http://www.securitytracker.com/id?1018768 SECUNIA:27206 URL:http://secunia.com/advisories/27206 SECUNIA:27261 URL:http://secunia.com/advisories/27261 SECUNIA:27693 URL:http://secunia.com/advisories/27693 SECUNIA:27716 URL:http://secunia.com/advisories/27716 SECUNIA:27804 URL:http://secunia.com/advisories/27804 SECUNIA:28115 URL:http://secunia.com/advisories/28115 SECUNIA:28777 URL:http://secunia.com/advisories/28777 SECUNIA:28880 URL:http://secunia.com/advisories/28880 SECUNIA:29042 URL:http://secunia.com/advisories/29042 SECUNIA:29214 URL:http://secunia.com/advisories/29214 SECUNIA:29340 URL:http://secunia.com/advisories/29340 SECUNIA:29858 URL:http://secunia.com/advisories/29858 SECUNIA:29897 URL:http://secunia.com/advisories/29897 SECUNIA:30676 URL:http://secunia.com/advisories/30676 SECUNIA:30780 URL:http://secunia.com/advisories/30780 SUNALERT:103079 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1 SUNALERT:201519 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1 SUSE:SUSE-SA:2007:055 URL:http://www.novell.com/linux/security/advisories/2007_55_java.html SUSE:SUSE-SA:2008:025 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html VUPEN:ADV-2007-3895 URL:http://www.vupen.com/english/advisories/2007/3895 VUPEN:ADV-2007-4224 URL:http://www.vupen.com/english/advisories/2007/4224 VUPEN:ADV-2008-0609 URL:http://www.vupen.com/english/advisories/2008/0609 VUPEN:ADV-2008-1856 URL:http://www.vupen.com/english/advisories/2008/1856/references XF:sun-java-appletcaching-security-bypass(36941) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/36941
Assigning CNA
MITRE Corporation
Date Record Created
20071005	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071005)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)