csaf_redhat - rhsa-2007

rhsa-2007_0818

Vulnerability from csaf_redhat

Published

2007-08-06 15:55

Modified

2024-11-14 10:05

Summary

Red Hat Security Advisory: java-1.5.0-sun security update

Notes

Topic

Updated java-1.5.0-sun packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503) The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655) The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service. (CVE-2007-3698) A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922) All users of java-sun-1.5.0 should upgrade to these packages, which contain Sun Java 1.5.0 Update 12 that corrects these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated java-1.5.0-sun packages that correct several security issues are\navailable for Red Hat Enterprise Linux 4 Extras.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Java Runtime Environment (JRE) contains the software and tools\nthat users need to run applets and applications written using the Java\nprogramming language.\n\nThe Javadoc tool was able to generate HTML documentation pages that\ncontained cross-site scripting (XSS) vulnerabilities.  A remote attacker\ncould use this to inject arbitrary web script or HTML. (CVE-2007-3503)\n\nThe Java Web Start URL parsing component contained a buffer overflow\nvulnerability within the parsing code for JNLP files. A remote attacker\ncould create a malicious JNLP file that could trigger this flaw and execute\narbitrary code when opened. (CVE-2007-3655)\n\nThe JSSE component did not correctly process SSL/TLS handshake requests. A\nremote attacker who is able to connect to a JSSE-based service could\ntrigger this flaw leading to a denial-of-service. (CVE-2007-3698)\n\nA flaw was found in the applet class loader. An untrusted applet could use\nthis flaw to circumvent network access restrictions, possibly connecting to\nservices hosted on the machine that executed the applet. (CVE-2007-3922)\n\nAll users of java-sun-1.5.0 should upgrade to these packages, which contain\nSun Java 1.5.0 Update 12 that corrects these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0818",
        "url": "https://access.redhat.com/errata/RHSA-2007:0818"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "246765",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=246765"
      },
      {
        "category": "external",
        "summary": "248864",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=248864"
      },
      {
        "category": "external",
        "summary": "249533",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249533"
      },
      {
        "category": "external",
        "summary": "249539",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249539"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0818.json"
      }
    ],
    "title": "Red Hat Security Advisory: java-1.5.0-sun security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:05:21+00:00",
      "generator": {
        "date": "2024-11-14T10:05:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2007:0818",
      "initial_release_date": "2007-08-06T15:55:00+00:00",
      "revision_history": [
        {
          "date": "2007-08-06T15:55:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-08-06T11:55:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:05:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 4 Extras",
                  "product_id": "4AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 4 Extras",
                "product": {
                  "name": "Red Hat Desktop version 4 Extras",
                  "product_id": "4Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 4 Extras",
                  "product_id": "4ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 4 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 4 Extras",
                  "product_id": "4WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
                "product": {
                  "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_id": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun-src@1.5.0.12-1jpp.2.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
                "product": {
                  "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_id": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun@1.5.0.12-1jpp.2.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
                "product": {
                  "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_id": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun-devel@1.5.0.12-1jpp.2.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
                "product": {
                  "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_id": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun-jdbc@1.5.0.12-1jpp.2.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
                "product": {
                  "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_id": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun-demo@1.5.0.12-1jpp.2.el4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
                "product": {
                  "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_id": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun-src@1.5.0.12-1jpp.2.el4?arch=i586"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
                "product": {
                  "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_id": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun@1.5.0.12-1jpp.2.el4?arch=i586"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
                "product": {
                  "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_id": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun-devel@1.5.0.12-1jpp.2.el4?arch=i586"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
                "product": {
                  "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_id": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun-jdbc@1.5.0.12-1jpp.2.el4?arch=i586"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
                "product": {
                  "name": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_id": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun-plugin@1.5.0.12-1jpp.2.el4?arch=i586"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
                "product": {
                  "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_id": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-sun-demo@1.5.0.12-1jpp.2.el4?arch=i586"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras",
          "product_id": "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Desktop version 4 Extras",
          "product_id": "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras",
          "product_id": "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586"
        },
        "product_reference": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
        "relates_to_product_reference": "4WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras",
          "product_id": "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
        },
        "product_reference": "java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
        "relates_to_product_reference": "4WS-LACD"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-3503",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-07-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "246765"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTML files generated with Javadoc are vulnerable to a XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3503"
        },
        {
          "category": "external",
          "summary": "RHBZ#246765",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=246765"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3503",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3503"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3503",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3503"
        }
      ],
      "release_date": "2007-06-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-06T15:55:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0818"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "HTML files generated with Javadoc are vulnerable to a XSS"
    },
    {
      "cve": "CVE-2007-3655",
      "discovery_date": "2007-07-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "248864"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "A buffer overflow vulnerability in Java Web Start URL parsing code",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3655"
        },
        {
          "category": "external",
          "summary": "RHBZ#248864",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=248864"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3655",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3655"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3655",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3655"
        }
      ],
      "release_date": "2007-07-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-06T15:55:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0818"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "A buffer overflow vulnerability in Java Web Start URL parsing code"
    },
    {
      "cve": "CVE-2007-3698",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "249539"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3698"
        },
        {
          "category": "external",
          "summary": "RHBZ#249539",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249539"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3698"
        }
      ],
      "release_date": "2007-07-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-06T15:55:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0818"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition"
    },
    {
      "cve": "CVE-2007-3922",
      "discovery_date": "2007-07-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "249533"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to certain localhost services running on the machine that loaded the applet.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4AS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4Desktop-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4ES-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
          "4WS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
          "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3922"
        },
        {
          "category": "external",
          "summary": "RHBZ#249533",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249533"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3922"
        }
      ],
      "release_date": "2007-07-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-08-06T15:55:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4AS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4AS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4Desktop-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4Desktop-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4ES-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4ES-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-demo-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-devel-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-jdbc-0:1.5.0.12-1jpp.2.el4.x86_64",
            "4WS-LACD:java-1.5.0-sun-plugin-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.i586",
            "4WS-LACD:java-1.5.0-sun-src-0:1.5.0.12-1jpp.2.el4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0818"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions"
    }
  ]
}

cve-2007-3698

Vulnerability from cvelistv5

Published

2007-07-11 22:00

Modified

2024-08-07 14:28

Severity ?

Summary

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2008-0132.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2007-0818.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2007/2660	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/26933	third-party-advisory, x_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=307177	x_refsource_MISC
	http://www.securityfocus.com/bid/24846	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/26314	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634	vdb-entry, signature, x_refsource_OVAL
	http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html	x_refsource_CONFIRM
	http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html	vendor-advisory, x_refsource_CISCO
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35333	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/29897	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26015	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28056	third-party-advisory, x_refsource_SECUNIA
	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2008-0100.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26221	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2007-0956.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26645	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/28777	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450	vendor-advisory, x_refsource_HP
	http://www.securitytracker.com/id?1018357	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/4224	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2007/3861	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2007/3009	vdb-entry, x_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/28880	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27716	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/36663	vdb-entry, x_refsource_OSVDB
	http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/28115	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29340	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2495	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2007-1086.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/27203	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26631	third-party-advisory, x_refsource_SECUNIA
	http://dev2dev.bea.com/pub/advisory/249	vendor-advisory, x_refsource_BEA
	http://secunia.com/advisories/27635	third-party-advisory, x_refsource_SECUNIA
	http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:51.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2008:0132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
          },
          {
            "name": "RHSA-2007:0818",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
          },
          {
            "name": "ADV-2007-2660",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2660"
          },
          {
            "name": "26933",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "24846",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24846"
          },
          {
            "name": "26314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26314"
          },
          {
            "name": "oval:org.mitre.oval:def:10634",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
          },
          {
            "name": "20070725 Vulnerability in Java Secure Socket Extension",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html"
          },
          {
            "name": "sun-jsse-ssltls-dos(35333)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35333"
          },
          {
            "name": "29897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29897"
          },
          {
            "name": "26015",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26015"
          },
          {
            "name": "28056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28056"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "RHSA-2008:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
          },
          {
            "name": "26221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26221"
          },
          {
            "name": "SUSE-SA:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
          },
          {
            "name": "RHSA-2007:0956",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
          },
          {
            "name": "26645",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26645"
          },
          {
            "name": "SSRT071465",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
          },
          {
            "name": "28777",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28777"
          },
          {
            "name": "HPSBMA02288",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
          },
          {
            "name": "1018357",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018357"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "ADV-2007-3861",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3861"
          },
          {
            "name": "ADV-2007-3009",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3009"
          },
          {
            "name": "102997",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1"
          },
          {
            "name": "28880",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28880"
          },
          {
            "name": "27716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27716"
          },
          {
            "name": "36663",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36663"
          },
          {
            "name": "GLSA-200709-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "29340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29340"
          },
          {
            "name": "ADV-2007-2495",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2495"
          },
          {
            "name": "RHSA-2007:1086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
          },
          {
            "name": "27203",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27203"
          },
          {
            "name": "26631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26631"
          },
          {
            "name": "BEA07-178.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/249"
          },
          {
            "name": "27635",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2008:0132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
        },
        {
          "name": "RHSA-2007:0818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
        },
        {
          "name": "ADV-2007-2660",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2660"
        },
        {
          "name": "26933",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "24846",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24846"
        },
        {
          "name": "26314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26314"
        },
        {
          "name": "oval:org.mitre.oval:def:10634",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
        },
        {
          "name": "20070725 Vulnerability in Java Secure Socket Extension",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html"
        },
        {
          "name": "sun-jsse-ssltls-dos(35333)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35333"
        },
        {
          "name": "29897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29897"
        },
        {
          "name": "26015",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26015"
        },
        {
          "name": "28056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28056"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "RHSA-2008:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
        },
        {
          "name": "26221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26221"
        },
        {
          "name": "SUSE-SA:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
        },
        {
          "name": "RHSA-2007:0956",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
        },
        {
          "name": "26645",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26645"
        },
        {
          "name": "SSRT071465",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
        },
        {
          "name": "28777",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28777"
        },
        {
          "name": "HPSBMA02288",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
        },
        {
          "name": "1018357",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018357"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "ADV-2007-3861",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3861"
        },
        {
          "name": "ADV-2007-3009",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3009"
        },
        {
          "name": "102997",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1"
        },
        {
          "name": "28880",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28880"
        },
        {
          "name": "27716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27716"
        },
        {
          "name": "36663",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36663"
        },
        {
          "name": "GLSA-200709-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "29340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29340"
        },
        {
          "name": "ADV-2007-2495",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2495"
        },
        {
          "name": "RHSA-2007:1086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
        },
        {
          "name": "27203",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27203"
        },
        {
          "name": "26631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26631"
        },
        {
          "name": "BEA07-178.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/249"
        },
        {
          "name": "27635",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3698",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2008:0132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
            },
            {
              "name": "RHSA-2007:0818",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
            },
            {
              "name": "ADV-2007-2660",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2660"
            },
            {
              "name": "26933",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26933"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307177",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=307177"
            },
            {
              "name": "24846",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24846"
            },
            {
              "name": "26314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26314"
            },
            {
              "name": "oval:org.mitre.oval:def:10634",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
            },
            {
              "name": "20070725 Vulnerability in Java Secure Socket Extension",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html"
            },
            {
              "name": "sun-jsse-ssltls-dos(35333)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35333"
            },
            {
              "name": "29897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29897"
            },
            {
              "name": "26015",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26015"
            },
            {
              "name": "28056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28056"
            },
            {
              "name": "APPLE-SA-2007-12-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
            },
            {
              "name": "RHSA-2008:0100",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
            },
            {
              "name": "26221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26221"
            },
            {
              "name": "SUSE-SA:2008:025",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
            },
            {
              "name": "RHSA-2007:0956",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
            },
            {
              "name": "26645",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26645"
            },
            {
              "name": "SSRT071465",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
            },
            {
              "name": "28777",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28777"
            },
            {
              "name": "HPSBMA02288",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
            },
            {
              "name": "1018357",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018357"
            },
            {
              "name": "ADV-2007-4224",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4224"
            },
            {
              "name": "ADV-2007-3861",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3861"
            },
            {
              "name": "ADV-2007-3009",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3009"
            },
            {
              "name": "102997",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1"
            },
            {
              "name": "28880",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28880"
            },
            {
              "name": "27716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27716"
            },
            {
              "name": "36663",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36663"
            },
            {
              "name": "GLSA-200709-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
            },
            {
              "name": "28115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28115"
            },
            {
              "name": "29340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29340"
            },
            {
              "name": "ADV-2007-2495",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2495"
            },
            {
              "name": "RHSA-2007:1086",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
            },
            {
              "name": "27203",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27203"
            },
            {
              "name": "26631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26631"
            },
            {
              "name": "BEA07-178.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/249"
            },
            {
              "name": "27635",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27635"
            },
            {
              "name": "http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3698",
    "datePublished": "2007-07-11T22:00:00",
    "dateReserved": "2007-07-11T00:00:00",
    "dateUpdated": "2024-08-07T14:28:51.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3503

Vulnerability from cvelistv5

Published

2007-06-30 01:00

Modified

2024-08-07 14:21

Severity ?

Summary

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2007-0818.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/26933	third-party-advisory, x_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=307177	x_refsource_MISC
	http://osvdb.org/36488	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/26314	third-party-advisory, x_refsource_SECUNIA
	http://dev2dev.bea.com/pub/advisory/248	vendor-advisory, x_refsource_BEA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35168	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/25769	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26369	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1	vendor-advisory, x_refsource_SUNALERT
	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2007-0956.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26645	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/4224	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2007/3009	vdb-entry, x_refsource_VUPEN
	http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/28115	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2383	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/27203	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1018327	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2007-0829.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/24690	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/26631	third-party-advisory, x_refsource_SECUNIA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:35.272Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:0818",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10704",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704"
          },
          {
            "name": "26933",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "36488",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36488"
          },
          {
            "name": "26314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26314"
          },
          {
            "name": "BEA07-177.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/248"
          },
          {
            "name": "sun-jdk-javadoc-xss(35168)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35168"
          },
          {
            "name": "25769",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25769"
          },
          {
            "name": "26369",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26369"
          },
          {
            "name": "102958",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "RHSA-2007:0956",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
          },
          {
            "name": "26645",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26645"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "ADV-2007-3009",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3009"
          },
          {
            "name": "GLSA-200709-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "ADV-2007-2383",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2383"
          },
          {
            "name": "27203",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27203"
          },
          {
            "name": "1018327",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018327"
          },
          {
            "name": "RHSA-2007:0829",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
          },
          {
            "name": "24690",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24690"
          },
          {
            "name": "26631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26631"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2007:0818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10704",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704"
        },
        {
          "name": "26933",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "36488",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36488"
        },
        {
          "name": "26314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26314"
        },
        {
          "name": "BEA07-177.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/248"
        },
        {
          "name": "sun-jdk-javadoc-xss(35168)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35168"
        },
        {
          "name": "25769",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25769"
        },
        {
          "name": "26369",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26369"
        },
        {
          "name": "102958",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "RHSA-2007:0956",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
        },
        {
          "name": "26645",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26645"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "ADV-2007-3009",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3009"
        },
        {
          "name": "GLSA-200709-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "ADV-2007-2383",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2383"
        },
        {
          "name": "27203",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27203"
        },
        {
          "name": "1018327",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018327"
        },
        {
          "name": "RHSA-2007:0829",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
        },
        {
          "name": "24690",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24690"
        },
        {
          "name": "26631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26631"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2007:0818",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10704",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704"
            },
            {
              "name": "26933",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26933"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307177",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=307177"
            },
            {
              "name": "36488",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36488"
            },
            {
              "name": "26314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26314"
            },
            {
              "name": "BEA07-177.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/248"
            },
            {
              "name": "sun-jdk-javadoc-xss(35168)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35168"
            },
            {
              "name": "25769",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25769"
            },
            {
              "name": "26369",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26369"
            },
            {
              "name": "102958",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1"
            },
            {
              "name": "APPLE-SA-2007-12-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
            },
            {
              "name": "RHSA-2007:0956",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
            },
            {
              "name": "26645",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26645"
            },
            {
              "name": "ADV-2007-4224",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4224"
            },
            {
              "name": "ADV-2007-3009",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3009"
            },
            {
              "name": "GLSA-200709-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
            },
            {
              "name": "28115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28115"
            },
            {
              "name": "ADV-2007-2383",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2383"
            },
            {
              "name": "27203",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27203"
            },
            {
              "name": "1018327",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018327"
            },
            {
              "name": "RHSA-2007:0829",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
            },
            {
              "name": "24690",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24690"
            },
            {
              "name": "26631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26631"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3503",
    "datePublished": "2007-06-30T01:00:00",
    "dateReserved": "2007-06-29T00:00:00",
    "dateUpdated": "2024-08-07T14:21:35.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3655

Vulnerability from cvelistv5

Published

2007-07-10 19:00

Modified

2024-08-07 14:21

Severity ?

Summary

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2007-0818.html	vendor-advisory, x_refsource_REDHAT
	http://osvdb.org/37756	vdb-entry, x_refsource_OSVDB
	http://docs.info.apple.com/article.html?artnum=307177	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/2477	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/26314	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/24832	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/26369	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35320	vdb-entry, x_refsource_XF
	http://security.gentoo.org/glsa/glsa-200804-28.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/29858	third-party-advisory, x_refsource_SECUNIA
	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://secunia.com/advisories/25981	third-party-advisory, x_refsource_SECUNIA
	http://securityreason.com/securityalert/2874	third-party-advisory, x_refsource_SREASON
	http://research.eeye.com/html/advisories/published/AD20070705.html	x_refsource_MISC
	http://www.securitytracker.com/id?1018346	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/4224	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/473356/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/30780	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/473224/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/27266	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1	vendor-advisory, x_refsource_SUNALERT
	http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html	vendor-advisory, x_refsource_SUSE
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/28115	third-party-advisory, x_refsource_SECUNIA
	http://www.exploit-db.com/exploits/30284	exploit, x_refsource_EXPLOIT-DB
	http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	vendor-advisory, x_refsource_GENTOO
	http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	vendor-advisory, x_refsource_GENTOO
	http://www.redhat.com/support/errata/RHSA-2007-0829.html	vendor-advisory, x_refsource_REDHAT
	http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html	mailing-list, x_refsource_FULLDISC

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:0818",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
          },
          {
            "name": "37756",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37756"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "ADV-2007-2477",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2477"
          },
          {
            "name": "26314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26314"
          },
          {
            "name": "24832",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24832"
          },
          {
            "name": "26369",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26369"
          },
          {
            "name": "sun-java-jnlp-bo(35320)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35320"
          },
          {
            "name": "GLSA-200804-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "29858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "25981",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25981"
          },
          {
            "name": "2874",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2874"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/advisories/published/AD20070705.html"
          },
          {
            "name": "1018346",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018346"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "20070711 SUN Java JNLP Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473356/100/0/threaded"
          },
          {
            "name": "30780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "20070709 EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473224/100/0/threaded"
          },
          {
            "name": "27266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27266"
          },
          {
            "name": "102996",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1"
          },
          {
            "name": "SUSE-SA:2007:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11367",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "30284",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30284"
          },
          {
            "name": "GLSA-200804-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          },
          {
            "name": "RHSA-2007:0829",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
          },
          {
            "name": "20070711 SUN Java JNLP Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2007:0818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
        },
        {
          "name": "37756",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37756"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "ADV-2007-2477",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2477"
        },
        {
          "name": "26314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26314"
        },
        {
          "name": "24832",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24832"
        },
        {
          "name": "26369",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26369"
        },
        {
          "name": "sun-java-jnlp-bo(35320)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35320"
        },
        {
          "name": "GLSA-200804-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
        },
        {
          "name": "29858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29858"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "25981",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25981"
        },
        {
          "name": "2874",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2874"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://research.eeye.com/html/advisories/published/AD20070705.html"
        },
        {
          "name": "1018346",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018346"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "20070711 SUN Java JNLP Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473356/100/0/threaded"
        },
        {
          "name": "30780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30780"
        },
        {
          "name": "20070709 EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473224/100/0/threaded"
        },
        {
          "name": "27266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27266"
        },
        {
          "name": "102996",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1"
        },
        {
          "name": "SUSE-SA:2007:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11367",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "30284",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30284"
        },
        {
          "name": "GLSA-200804-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
        },
        {
          "name": "GLSA-200806-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
        },
        {
          "name": "RHSA-2007:0829",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
        },
        {
          "name": "20070711 SUN Java JNLP Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3655",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2007:0818",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
            },
            {
              "name": "37756",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37756"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307177",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=307177"
            },
            {
              "name": "ADV-2007-2477",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2477"
            },
            {
              "name": "26314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26314"
            },
            {
              "name": "24832",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24832"
            },
            {
              "name": "26369",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26369"
            },
            {
              "name": "sun-java-jnlp-bo(35320)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35320"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "APPLE-SA-2007-12-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
            },
            {
              "name": "25981",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25981"
            },
            {
              "name": "2874",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2874"
            },
            {
              "name": "http://research.eeye.com/html/advisories/published/AD20070705.html",
              "refsource": "MISC",
              "url": "http://research.eeye.com/html/advisories/published/AD20070705.html"
            },
            {
              "name": "1018346",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018346"
            },
            {
              "name": "ADV-2007-4224",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4224"
            },
            {
              "name": "20070711 SUN Java JNLP Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473356/100/0/threaded"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "20070709 EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473224/100/0/threaded"
            },
            {
              "name": "27266",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27266"
            },
            {
              "name": "102996",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1"
            },
            {
              "name": "SUSE-SA:2007:056",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11367",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367"
            },
            {
              "name": "28115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28115"
            },
            {
              "name": "30284",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30284"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            },
            {
              "name": "RHSA-2007:0829",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
            },
            {
              "name": "20070711 SUN Java JNLP Overflow",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3655",
    "datePublished": "2007-07-10T19:00:00",
    "dateReserved": "2007-07-10T00:00:00",
    "dateUpdated": "2024-08-07T14:21:36.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3922

Vulnerability from cvelistv5

Published

2007-07-21 00:00

Modified

2024-08-07 14:37

Severity ?

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2007-0818.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26933	third-party-advisory, x_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=307177	x_refsource_MISC
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/26314	third-party-advisory, x_refsource_SECUNIA
	http://dev2dev.bea.com/pub/advisory/248	vendor-advisory, x_refsource_BEA
	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841	vendor-advisory, x_refsource_SLACKWARE
	http://secunia.com/advisories/30805	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1018428	vdb-entry, x_refsource_SECTRACK
	http://support.avaya.com/elmodocs2/security/ASA-2007-322.htm	x_refsource_CONFIRM
	http://secunia.com/advisories/26369	third-party-advisory, x_refsource_SECUNIA
	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.vupen.com/english/advisories/2007/2573	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/26645	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35491	vdb-entry, x_refsource_XF
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450	vendor-advisory, x_refsource_HP
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2007/4224	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2007/3861	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2007/3009	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/27266	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html	vendor-advisory, x_refsource_SUSE
	http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/25054	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/28115	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2007-0829.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26631	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27635	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0133.html	vendor-advisory, x_refsource_REDHAT

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:05.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:0818",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
          },
          {
            "name": "26933",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "102995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1"
          },
          {
            "name": "26314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26314"
          },
          {
            "name": "BEA07-177.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/248"
          },
          {
            "name": "SSA:2007-243-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.486841"
          },
          {
            "name": "30805",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30805"
          },
          {
            "name": "1018428",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018428"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-322.htm"
          },
          {
            "name": "26369",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26369"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "ADV-2007-2573",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2573"
          },
          {
            "name": "26645",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26645"
          },
          {
            "name": "sun-java-class-unauthorized-access(35491)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35491"
          },
          {
            "name": "SSRT071465",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
          },
          {
            "name": "HPSBMA02288",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "ADV-2007-3861",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3861"
          },
          {
            "name": "ADV-2007-3009",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3009"
          },
          {
            "name": "27266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27266"
          },
          {
            "name": "SUSE-SA:2007:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
          },
          {
            "name": "GLSA-200709-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
          },
          {
            "name": "25054",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25054"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "oval:org.mitre.oval:def:10387",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387"
          },
          {
            "name": "RHSA-2007:0829",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
          },
          {
            "name": "26631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26631"
          },
          {
            "name": "27635",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27635"
          },
          {
            "name": "RHSA-2008:0133",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to certain localhost services running on the machine that loaded the applet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2007:0818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
        },
        {
          "name": "26933",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "102995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1"
        },
        {
          "name": "26314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26314"
        },
        {
          "name": "BEA07-177.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/248"
        },
        {
          "name": "SSA:2007-243-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.486841"
        },
        {
          "name": "30805",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30805"
        },
        {
          "name": "1018428",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018428"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-322.htm"
        },
        {
          "name": "26369",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26369"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "ADV-2007-2573",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2573"
        },
        {
          "name": "26645",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26645"
        },
        {
          "name": "sun-java-class-unauthorized-access(35491)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35491"
        },
        {
          "name": "SSRT071465",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
        },
        {
          "name": "HPSBMA02288",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "ADV-2007-3861",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3861"
        },
        {
          "name": "ADV-2007-3009",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3009"
        },
        {
          "name": "27266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27266"
        },
        {
          "name": "SUSE-SA:2007:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
        },
        {
          "name": "GLSA-200709-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
        },
        {
          "name": "25054",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25054"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "oval:org.mitre.oval:def:10387",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387"
        },
        {
          "name": "RHSA-2007:0829",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
        },
        {
          "name": "26631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26631"
        },
        {
          "name": "27635",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27635"
        },
        {
          "name": "RHSA-2008:0133",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3922",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to certain localhost services running on the machine that loaded the applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2007:0818",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
            },
            {
              "name": "26933",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26933"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307177",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=307177"
            },
            {
              "name": "102995",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1"
            },
            {
              "name": "26314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26314"
            },
            {
              "name": "BEA07-177.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/248"
            },
            {
              "name": "SSA:2007-243-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.486841"
            },
            {
              "name": "30805",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30805"
            },
            {
              "name": "1018428",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018428"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-322.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-322.htm"
            },
            {
              "name": "26369",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26369"
            },
            {
              "name": "APPLE-SA-2007-12-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
            },
            {
              "name": "ADV-2007-2573",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2573"
            },
            {
              "name": "26645",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26645"
            },
            {
              "name": "sun-java-class-unauthorized-access(35491)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35491"
            },
            {
              "name": "SSRT071465",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
            },
            {
              "name": "HPSBMA02288",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
            },
            {
              "name": "ADV-2007-4224",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4224"
            },
            {
              "name": "ADV-2007-3861",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3861"
            },
            {
              "name": "ADV-2007-3009",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3009"
            },
            {
              "name": "27266",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27266"
            },
            {
              "name": "SUSE-SA:2007:056",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
            },
            {
              "name": "GLSA-200709-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
            },
            {
              "name": "25054",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25054"
            },
            {
              "name": "28115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28115"
            },
            {
              "name": "oval:org.mitre.oval:def:10387",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387"
            },
            {
              "name": "RHSA-2007:0829",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
            },
            {
              "name": "26631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26631"
            },
            {
              "name": "27635",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27635"
            },
            {
              "name": "RHSA-2008:0133",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3922",
    "datePublished": "2007-07-21T00:00:00",
    "dateReserved": "2007-07-20T00:00:00",
    "dateUpdated": "2024-08-07T14:37:05.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2007_0818

Vulnerability from csaf_redhat

cve-2007-3698

Vulnerability from cvelistv5

cve-2007-3503

Vulnerability from cvelistv5

cve-2007-3655

Vulnerability from cvelistv5

cve-2007-3922

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature