Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 224633 - Sun Java Virtual Machine (CVE-2007-5375)
Summary: Sun Java Virtual Machine (CVE-2007-5375)
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-06-02 16:53 UTC by Robert Buchholz (RETIRED)
Modified: 2008-06-02 16:56 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-06-02 16:53:43 UTC 
CVE-2007-5375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5375):
  Interpretation conflict in the Sun Java Virtual Machine (JVM) allows
  user-assisted remote attackers to conduct a multi-pin DNS rebinding attack
  and execute arbitrary JavaScript in an intranet context, when an intranet web
  server has an HTML document that references a "mayscript=true" Java applet
  through a local relative URI, which may be associated with different IP
  addresses by the browser and the JVM.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-06-02 16:55:29 UTC 
This bug was while testing, sorry.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-06-02 16:56:02 UTC 
invalid