NVD
- Id
- 57350
- Name
- CVE-2007-5274
- Description
- Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
- Reject
- CVSS Version
- 2
- CVSS Score
- 2.6
- Severity
- Low
- CVSS Base Score
- 2.6
- CVSS Impact Subscore
- 2.9
- CVSS Exploit Subscore
- 4.9
- CVSS Vector
- (AV:N/AC:H/Au:N/C:N/I:P/A:N)
- Pub Date
- 2017-01-07
- Published
- 2007-10-08
- Modified Date
- 2011-07-28
- Seq
- 2007-5274
