Strix
26.1K

CVE-2007-5274

UnknownEPSS 2.68%

Last modified

CVE-2007-5274 is a vulnerability of currently unknown severity. Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.. EPSS estimates a 2.68% chance of exploitation in the next 30 days.

Description

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.

Metrics

EPSS Probability
2.68%

83.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
SunJdk<= 1.6.0Update2
SunJdk1.5.0Update1
SunJdk1.6.0Update1
SunJdk6
SunJre<= 1.3.1Update20
SunJre<= 1.4.2Update15
SunJre<= 1.6.0Update2
SunJre1.3.0
SunJre1.3.1Update1
SunJre1.4
SunJre1.4.1Update3
SunJre1.4.2
SunJre1.4.2_1
SunJre1.4.2_3
SunJre1.4.2_8
SunJre1.4.2_9
SunJre1.4.2_10
SunJre1.4.2_11
SunJre1.4.2_12
SunJre1.4.2_13
SunJre1.4.2_14
SunJre1.5.0Update1
SunJre1.6.0Update 1
SunSdk<= 1.3.1_20
SunSdk1.3.1_01
SunSdk1.3.1_01a
SunSdk1.3.1_16
SunSdk1.3.1_18
SunSdk1.3.1_19
SunSdk1.4.2
SunSdk1.4.2_03
SunSdk1.4.2_08
SunSdk1.4.2_09
SunSdk1.4.2_10
SunSdk1.4.2_11
SunSdk1.4.2_12
SunSdk1.4.2_13
SunSdk1.4.2_14
SunSdk1.4.2_15

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-5274?
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
How severe is CVE-2007-5274?
Severity scoring for CVE-2007-5274 is pending analysis. The EPSS model estimates a 2.68% probability of exploitation in the next 30 days.
How do I fix CVE-2007-5274?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-5274?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST