Upstream information

CVE-2007-5273 at MITRE

Description

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  NVD
Base Score 2.6
Vector AV:N/AC:H/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entries: 332137 [RESOLVED / FIXED], 340481 [RESOLVED / FIXED], 379038 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • java-1_4_2-ibm >= 1.4.2_sr13.3-1.1.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13.3-1.1.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13.3-1.1.1
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA java-1_4_2-ibm-1.4.2_sr13.3-1.1.1
SUSE Linux Enterprise Server 11 SP2
  • java-1_4_2-ibm >= 1.4.2_sr13.10-0.4.1
  • java-1_4_2-ibm-jdbc >= 1.4.2_sr13.10-0.4.1
  • java-1_4_2-ibm-plugin >= 1.4.2_sr13.10-0.4.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA java-1_4_2-ibm-1.4.2_sr13.10-0.4.1


SUSE Timeline for this CVE

CVE page created: Tue Jul 9 16:13:52 2013
CVE page last modified: Mon Sep 9 16:50:45 2024