CVE-2007-5375
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.
Conflicto de interpretación en la Máquina Virtual de Java (JVM, Java Virtual Machine) permite a atacantes remotos con la complicidad del usuario llevar a cabo un ataque de revinculación DNS con fijación múltiple y ejecutar código Javascript de su elección en un contexto de intranet, cuando el servidor web de la intranet tiene un documento HTML que hace referencia a un applet Java "mayscript=true" a través de un URI relativo, lo cual podría estar asociado con diferentes direcciones IP entre el navegador y la JVM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-10 CVE Reserved
- 2007-10-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-16: Configuration
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://crypto.stanford.edu/dns/dns-rebinding.pdf | X_refsource_misc | |
| http://osvdb.org/40930 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sun Search vendor "Sun" | Java Virtual Machine Search vendor "Sun" for product "Java Virtual Machine" | * | - |
Affected
| ||||||