Vulnerability Description
Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | JDK | <= 1.5.0 |
| Sun | JRE | <= 1.5.0 |
| Sun | SDK | <= 1.4.2_14 |
References
- http://dev2dev.bea.com/pub/advisory/248
- http://docs.info.apple.com/article.html?artnum=307177
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
- http://secunia.com/advisories/26314
- http://secunia.com/advisories/26369
- http://secunia.com/advisories/26631
- http://secunia.com/advisories/26645
- http://secunia.com/advisories/26933
- http://secunia.com/advisories/27266
- http://secunia.com/advisories/27635
- http://secunia.com/advisories/28115
- http://secunia.com/advisories/30805
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
FAQ
What is CVE-2007-3922?
CVE-2007-3922 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows rem...
How severe is CVE-2007-3922?
CVE-2007-3922 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3922?
Check the references section above for vendor advisories and patch information. Affected products include: Sun JDK, Sun JRE, Sun SDK.