Vulnerability Description
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java Virtual Machine | All versions |
Related Weaknesses (CWE)
References
- http://crypto.stanford.edu/dns/dns-rebinding.pdf
- http://osvdb.org/40930
- http://crypto.stanford.edu/dns/dns-rebinding.pdf
- http://osvdb.org/40930
FAQ
What is CVE-2007-5375?
CVE-2007-5375 is a vulnerability with a CVSS score of 2.6 (LOW). Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context,...
How severe is CVE-2007-5375?
CVE-2007-5375 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5375?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java Virtual Machine.