CVE-2007-5375

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.

Published: Oct 11, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5375
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

CWE-16
CWE-20

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
sun / java_virtual_machine	-	-

http://crypto.stanford.edu/dns/dns-rebinding.pdf
http://osvdb.org/40930

Vulnerability Database

289,697

CVE-2007-5375