CVE-2007-5375

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Virtual Machine
Vendor: CVE Published:; 11 October 2007

Summary

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.

References

http://crypto.stanford.edu/dns/dns-rebinding.pdf

x_refsource_MISC

http://osvdb.org/40930

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Oct 11, 2007
Vulnerability Reserved
Oct 10, 2007