CVE-2007-5274

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.

Published: Oct 9, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5274
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sun / jdk	-	1.6.0.x
sun / jdk	1.5.0-update3	1.5.0-update3.x
sun / jdk	1.5.0-update11	1.5.0-update11.x
sun / jdk	1.5.0-update9	1.5.0-update9.x
sun / jdk	1.5.0-update1	1.5.0-update1.x
sun / jdk	1.5.0-update4	1.5.0-update4.x
sun / jdk	1.5.0-update7	1.5.0-update7.x
sun / jdk	1.5.0-update12	1.5.0-update12.x
sun / jdk	1.5.0-update5	1.5.0-update5.x
sun / jdk	1.5.0-update8	1.5.0-update8.x
sun / jdk	1.5.0-update2	1.5.0-update2.x
sun / jdk	1.5.0-update10	1.5.0-update10.x
sun / jdk	1.6.0-update1	1.6.0-update1.x
sun / jdk	1.6.0-update2	1.6.0-update2.x
sun / jdk	6-update_1	6-update_1.x
sun / jdk	6	6.x
sun / jre	-	1.3.1.x
sun / jre	-	1.4.2.x
sun / jre	-	1.6.0.x
sun / jre	1.3.0-update5	1.3.0-update5.x
sun / jre	1.3.0	1.3.0.x
sun / jre	1.3.1-update16	1.3.1-update16.x
sun / jre	1.3.1-update18	1.3.1-update18.x
sun / jre	1.3.1-update1	1.3.1-update1.x
sun / jre	1.3.1-update1a	1.3.1-update1a.x
sun / jre	1.3.1-update19	1.3.1-update19.x
sun / jre	1.4	1.4.x
sun / jre	1.4.1-update3	1.4.1-update3.x
sun / jre	1.4.2	1.4.2.x
sun / jre	1.4.2_1	1.4.2_1.x
sun / jre	1.4.2_3	1.4.2_3.x
sun / jre	1.4.2_8	1.4.2_8.x
sun / jre	1.4.2_9	1.4.2_9.x
sun / jre	1.4.2_10	1.4.2_10.x
sun / jre	1.4.2_11	1.4.2_11.x
sun / jre	1.4.2_12	1.4.2_12.x
sun / jre	1.4.2_13	1.4.2_13.x
sun / jre	1.4.2_14	1.4.2_14.x
sun / jre	1.5.0-update7	1.5.0-update7.x
sun / jre	1.5.0-update3	1.5.0-update3.x
sun / jre	1.5.0-update11	1.5.0-update11.x
sun / jre	1.5.0-update12	1.5.0-update12.x
sun / jre	1.5.0-update8	1.5.0-update8.x
sun / jre	1.5.0-update2	1.5.0-update2.x
sun / jre	1.5.0-update6	1.5.0-update6.x
sun / jre	1.5.0-update9	1.5.0-update9.x
sun / jre	1.5.0-update10	1.5.0-update10.x
sun / jre	1.5.0-update1	1.5.0-update1.x
sun / jre	1.5.0-update4	1.5.0-update4.x
sun / jre	1.5.0-update5	1.5.0-update5.x
sun / jre	1.6.0-update_1	1.6.0-update_1.x
sun / sdk	-	1.3.1_20.x
sun / sdk	1.3.1_01	1.3.1_01.x
sun / sdk	1.3.1_01a	1.3.1_01a.x
sun / sdk	1.3.1_16	1.3.1_16.x
sun / sdk	1.3.1_18	1.3.1_18.x
sun / sdk	1.3.1_19	1.3.1_19.x
sun / sdk	1.4.2	1.4.2.x
sun / sdk	1.4.2_03	1.4.2_03.x
sun / sdk	1.4.2_08	1.4.2_08.x
sun / sdk	1.4.2_09	1.4.2_09.x
sun / sdk	1.4.2_10	1.4.2_10.x
sun / sdk	1.4.2_11	1.4.2_11.x
sun / sdk	1.4.2_12	1.4.2_12.x
sun / sdk	1.4.2_13	1.4.2_13.x
sun / sdk	1.4.2_14	1.4.2_14.x
sun / sdk	1.4.2_15	1.4.2_15.x

Vulnerability Database

CVE-2007-5274

Deep Security Visibility Without the Complexity