Launchpad.net

CVE 2007-5273

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20070709 Anti-DNS Pinn...
MISC: http://crypto.stanford...
SUNALERT: 103078
SECTRACK: 1018771
BID: 25918
REDHAT: RHSA-2007:0963
SECUNIA: 27206
SUSE: SUSE-SA:2007:055
SECUNIA: 27261
CONFIRM: http://support.novell....
SECUNIA: 27716
HP: HPSBUX02284
HP: SSRT071483
REDHAT: RHSA-2007:1041
SECUNIA: 27693
SECUNIA: 27804
SECUNIA: 28777
BEA: BEA08-198.00
REDHAT: RHSA-2008:0132
SECUNIA: 28880
SECUNIA: 29042
REDHAT: RHSA-2008:0156
REDHAT: RHSA-2008:0100
SUNALERT: 200041
SECUNIA: 29214
SECUNIA: 29340
GENTOO: GLSA-200804-20
SUSE: SUSE-SA:2008:025
SECUNIA: 29858
SECUNIA: 29897
GENTOO: GLSA-200804-28
GENTOO: GLSA-200806-11
SECUNIA: 30780
OSVDB: 45527
VUPEN: ADV-2007-3895
VUPEN: ADV-2008-0609
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20071029 FLEA-2007-006...

Launchpad.net

CVE 2007-5273

Related bugs

References