CVE-2007-5232

Published: Oct 5, 2007Modified: Apr 23, 2026

4.0

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:N

Exploitability: 4.9 / Impact: 4.9

Source: NVD

Description

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.

Affected (64)

Products: Sun: Jdk, Jre, Sdk

3 products

Configuration A

64 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Version 1.5.0 update10
Sun Jdk	Version 1.5.0 update11
Sun Jdk	Version 1.5.0 update12
Sun Jdk	Version 1.5.0 update1
Sun Jdk	Version 1.5.0 update2
Sun Jdk	Version 1.5.0 update3
Sun Jdk	Version 1.5.0 update4
Sun Jdk	Version 1.5.0 update5
Sun Jdk	Version 1.5.0 update7
Sun Jdk	Version 1.5.0 update8
Sun Jdk	Version 1.5.0 update9
Sun Jdk	Version 1.6.0 update1
Sun Jdk	Version 1.6.0 update2
Sun Jre	Version 1.3.0
Sun Jre	Version 1.3.0 update5
Sun Jre	Version 1.3.1 update16
Sun Jre	Version 1.3.1 update18
Sun Jre	Version 1.3.1 update19
Sun Jre	Version 1.3.1 update1
Sun Jre	Version 1.3.1 update1a
Sun Jre	Version 1.3.1 update20
Sun Jre	Version 1.4.1 update3
Sun Jre	Version 1.4.2
Sun Jre	Version 1.4.2_10
Sun Jre	Version 1.4.2_11
Sun Jre	Version 1.4.2_12
Sun Jre	Version 1.4.2_13
Sun Jre	Version 1.4.2_14
Sun Jre	Version 1.4.2_15
Sun Jre	Version 1.4.2_1
Sun Jre	Version 1.4.2_3
Sun Jre	Version 1.4.2_8
Sun Jre	Version 1.4.2_9
Sun Jre	Version 1.4
Sun Jre	Version 1.5.0 update10
Sun Jre	Version 1.5.0 update11
Sun Jre	Version 1.5.0 update12
Sun Jre	Version 1.5.0 update1
Sun Jre	Version 1.5.0 update2
Sun Jre	Version 1.5.0 update3
Sun Jre	Version 1.5.0 update4
Sun Jre	Version 1.5.0 update5
Sun Jre	Version 1.5.0 update6
Sun Jre	Version 1.5.0 update7
Sun Jre	Version 1.5.0 update8
Sun Jre	Version 1.5.0 update9
Sun Jre	Version 1.6.0 update_1
Sun Jre	Version 1.6.0 update_2
Sun Sdk	Version 1.3.1_01
Sun Sdk	Version 1.3.1_01a
Sun Sdk	Version 1.3.1_16
Sun Sdk	Version 1.3.1_18
Sun Sdk	Version 1.3.1_19
Sun Sdk	Version 1.3.1_20
Sun Sdk	Version 1.4.2
Sun Sdk	Version 1.4.2_03
Sun Sdk	Version 1.4.2_08
Sun Sdk	Version 1.4.2_09
Sun Sdk	Version 1.4.2_10
Sun Sdk	Version 1.4.2_11
Sun Sdk	Version 1.4.2_12
Sun Sdk	Version 1.4.2_13
Sun Sdk	Version 1.4.2_14
Sun Sdk	Version 1.4.2_15

References (90)

http://conference.hitb.org/hitbsecconf2007kl/?page_id=148

Source: cve@mitre.org

http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf

Source: cve@mitre.org

http://dev2dev.bea.com/pub/advisory/272

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307177

Source: cve@mitre.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533

Source: cve@mitre.org

http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

Source: cve@mitre.org

http://secunia.com/advisories/27206

Source: cve@mitre.org

http://secunia.com/advisories/27261

Source: cve@mitre.org

http://secunia.com/advisories/27693

Source: cve@mitre.org

http://secunia.com/advisories/27716

Source: cve@mitre.org

http://secunia.com/advisories/27804

Source: cve@mitre.org

http://secunia.com/advisories/28115

Source: cve@mitre.org

http://secunia.com/advisories/28777

Source: cve@mitre.org

http://secunia.com/advisories/28880

Source: cve@mitre.org

http://secunia.com/advisories/29042

Source: cve@mitre.org

http://secunia.com/advisories/29214

Source: cve@mitre.org

http://secunia.com/advisories/29340

Source: cve@mitre.org

http://secunia.com/advisories/29858

Source: cve@mitre.org

http://secunia.com/advisories/29897

Source: cve@mitre.org

http://secunia.com/advisories/30676

Source: cve@mitre.org

http://secunia.com/advisories/30780

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200804-28.xml

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1

Source: cve@mitre.org

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1

Source: cve@mitre.org

http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/336105

Source: cve@mitre.org

US Government Resource

http://www.novell.com/linux/security/advisories/2007_55_java.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0963.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-1041.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0100.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0132.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0156.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/482926/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/25918

Source: cve@mitre.org

http://www.securitytracker.com/id?1018768

Source: cve@mitre.org

http://www.vmware.com/security/advisories/VMSA-2008-0010.html

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3895

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/4224

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0609

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1856/references

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/36941

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331

Source: cve@mitre.org

http://conference.hitb.org/hitbsecconf2007kl/?page_id=148