Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 224633

Summary: Sun Java Virtual Machine (CVE-2007-5375)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-06-02 16:53:43 UTC 
CVE-2007-5375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5375):
  Interpretation conflict in the Sun Java Virtual Machine (JVM) allows
  user-assisted remote attackers to conduct a multi-pin DNS rebinding attack
  and execute arbitrary JavaScript in an intranet context, when an intranet web
  server has an HTML document that references a "mayscript=true" Java applet
  through a local relative URI, which may be associated with different IP
  addresses by the browser and the JVM.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-06-02 16:55:29 UTC 
This bug was while testing, sorry.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-06-02 16:56:02 UTC 
invalid