CVE-2007-5375
Published: 11 October 2007
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
sun-java5 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| edgy |
Ignored
(end of life, was needed)
|
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Released
(1.5.0-13-0ubuntu1)
|
|
| hardy |
Released
(1.5.0-13-0ubuntu1)
|
|
| intrepid |
Released
(1.5.0-13-0ubuntu1)
|
|
| jaunty |
Released
(1.5.0-13-0ubuntu1)
|
|
| karmic |
Does not exist
|
|
| upstream |
Needed
|
|
|
sun-java6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Released
(6-03-0ubuntu1)
|
|
| hardy |
Released
(6-03-0ubuntu1)
|
|
| intrepid |
Released
(6-03-0ubuntu1)
|
|
| jaunty |
Released
(6-03-0ubuntu1)
|
|
| karmic |
Released
(6-03-0ubuntu1)
|
|
| upstream |
Needs triage
|