224633 – Sun Java Virtual Machine (CVE-2007-5375)

Bug 224633 - Sun Java Virtual Machine (CVE-2007-5375)

Summary: Sun Java Virtual Machine (CVE-2007-5375)

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-06-02 16:53 UTC by Robert Buchholz (RETIRED)
Modified:	2008-06-02 16:56 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-06-02 16:53:43 UTC

CVE-2007-5375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5375):
  Interpretation conflict in the Sun Java Virtual Machine (JVM) allows
  user-assisted remote attackers to conduct a multi-pin DNS rebinding attack
  and execute arbitrary JavaScript in an intranet context, when an intranet web
  server has an HTML document that references a "mayscript=true" Java applet
  through a local relative URI, which may be associated with different IP
  addresses by the browser and the JVM.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-06-02 16:55:29 UTC

This bug was while testing, sorry.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-06-02 16:56:02 UTC

invalid