csaf_redhat - rhsa-2008

rhsa-2008_0100

Vulnerability from csaf_redhat

Published

2008-03-11 14:09

Modified

2024-11-14 10:06

Summary

Red Hat Security Advisory: java-1.4.2-bea security update

Notes

Topic

Updated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker could induce a server application to process a specially crafted image file, the attacker could potentially cause a denial-of-service or execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processed font data. An applet viewed via the "appletviewer" application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the "appletviewer" application. The same flaw could, potentially, crash a server application which processed untrusted font information from a third party. (CVE-2007-4381) A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232) Untrusted Java Applets were able to drag and drop files to a desktop application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239) The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display over-sized windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240) Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273) Please note: the vulnerabilities noted above concerned with applets can only be triggered in java-1.4.2-bea by calling the "appletviewer" application. All users of java-1.4.2-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.4.2_16 release which resolves these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated java-1.4.2-bea packages that correct several security issues and\nadd enhancements are now available for Red Hat Enterprise Linux 3 Extras,\nRed Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit\nVirtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard\nEdition, v1.4.2.\n\nA buffer overflow in the Java Runtime Environment image handling code was\nfound. If an attacker could induce a server application to process a\nspecially crafted image file, the attacker could potentially cause a\ndenial-of-service or execute arbitrary code as the user running the Java\nVirtual Machine. (CVE-2007-2788, CVE-2007-2789)\n\nA denial of service flaw was found in the way the JSSE component processed\nSSL/TLS handshake requests. A remote attacker able to connect to a JSSE\nenabled service could send a specially crafted handshake which would cause\nthe Java Runtime Environment to stop responding to future requests.\n(CVE-2007-3698)\n\nA flaw was found in the way the Java Runtime Environment processed font\ndata. An applet viewed via the \"appletviewer\" application could elevate its\nprivileges, allowing the applet to perform actions with the same\npermissions as the user running the \"appletviewer\" application. The same\nflaw could, potentially, crash a server application which processed\nuntrusted font information from a third party. (CVE-2007-4381)\n\nA flaw in the applet caching mechanism of the Java Runtime Environment\n(JRE) did not correctly process the creation of network connections. A\nremote attacker could use this flaw to create connections to services on\nmachines other than the one that the applet was downloaded from.\n(CVE-2007-5232)\n\nUntrusted Java Applets were able to drag and drop files to a desktop\napplication. A user-assisted remote attacker could use this flaw to move or\ncopy arbitrary files. (CVE-2007-5239)\n\nThe Java Runtime Environment (JRE) allowed untrusted Java Applets or\napplications to display over-sized windows. This could be used by remote\nattackers to hide security warning banners. (CVE-2007-5240)\n\nUnsigned Java Applets communicating via a HTTP proxy could allow a remote\nattacker to violate the Java security model. A cached, malicious Applet\ncould create network connections to services on other machines.\n(CVE-2007-5273)\n\nPlease note: the vulnerabilities noted above concerned with applets can\nonly be triggered in java-1.4.2-bea by calling the \"appletviewer\"\napplication.\n\nAll users of java-1.4.2-bea should upgrade to these updated packages, which\ncontain the BEA WebLogic JRockit 1.4.2_16 release which resolves these\nissues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0100",
        "url": "https://access.redhat.com/errata/RHSA-2008:0100"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://dev2dev.bea.com/pub/advisory/249",
        "url": "http://dev2dev.bea.com/pub/advisory/249"
      },
      {
        "category": "external",
        "summary": "http://dev2dev.bea.com/pub/advisory/248",
        "url": "http://dev2dev.bea.com/pub/advisory/248"
      },
      {
        "category": "external",
        "summary": "http://dev2dev.bea.com/pub/advisory/272",
        "url": "http://dev2dev.bea.com/pub/advisory/272"
      },
      {
        "category": "external",
        "summary": "249539",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249539"
      },
      {
        "category": "external",
        "summary": "250725",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250725"
      },
      {
        "category": "external",
        "summary": "250729",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250729"
      },
      {
        "category": "external",
        "summary": "253488",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253488"
      },
      {
        "category": "external",
        "summary": "321951",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=321951"
      },
      {
        "category": "external",
        "summary": "321991",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=321991"
      },
      {
        "category": "external",
        "summary": "324351",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=324351"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0100.json"
      }
    ],
    "title": "Red Hat Security Advisory: java-1.4.2-bea security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:06:04+00:00",
      "generator": {
        "date": "2024-11-14T10:06:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2008:0100",
      "initial_release_date": "2008-03-11T14:09:00+00:00",
      "revision_history": [
        {
          "date": "2008-03-11T14:09:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-03-11T10:09:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:06:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux AS version 3 Extras",
                  "product_id": "3AS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Desktop version 3 Extras",
                "product": {
                  "name": "Red Hat Desktop version 3 Extras",
                  "product_id": "3Desktop-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 3 Extras",
                  "product_id": "3ES-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 3 Extras",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 3 Extras",
                  "product_id": "3WS-LACD",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
                "product": {
                  "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_id": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-devel@1.4.2.16-1jpp.1.el5?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
                "product": {
                  "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_id": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-jdbc@1.4.2.16-1jpp.1.el5?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
                "product": {
                  "name": "java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_id": "java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-missioncontrol@1.4.2.16-1jpp.1.el5?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
                "product": {
                  "name": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_id": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-src@1.4.2.16-1jpp.1.el5?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
                "product": {
                  "name": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_id": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-demo@1.4.2.16-1jpp.1.el5?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
                "product": {
                  "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_id": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea@1.4.2.16-1jpp.1.el5?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
                "product": {
                  "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
                  "product_id": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-devel@1.4.2.16-1jpp.1.el3?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
                "product": {
                  "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
                  "product_id": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-jdbc@1.4.2.16-1jpp.1.el3?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
                "product": {
                  "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
                  "product_id": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea@1.4.2.16-1jpp.1.el3?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
                "product": {
                  "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_id": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-devel@1.4.2.16-1jpp.1.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
                "product": {
                  "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_id": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-jdbc@1.4.2.16-1jpp.1.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
                "product": {
                  "name": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_id": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-src@1.4.2.16-1jpp.1.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
                "product": {
                  "name": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_id": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-demo@1.4.2.16-1jpp.1.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
                "product": {
                  "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_id": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea@1.4.2.16-1jpp.1.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
                "product": {
                  "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
                  "product_id": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-devel@1.4.2.16-1jpp.1.el3?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
                "product": {
                  "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
                  "product_id": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea-jdbc@1.4.2.16-1jpp.1.el3?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
                "product": {
                  "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
                  "product_id": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-bea@1.4.2.16-1jpp.1.el3?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Enterprise Linux AS version 3 Extras",
          "product_id": "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3AS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Desktop version 3 Extras",
          "product_id": "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3Desktop-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Enterprise Linux ES version 3 Extras",
          "product_id": "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3ES-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64 as a component of Red Hat Enterprise Linux WS version 3 Extras",
          "product_id": "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
        "relates_to_product_reference": "3WS-LACD"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686"
        },
        "product_reference": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        },
        "product_reference": "java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-2788",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2007-05-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "250725"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2788"
        },
        {
          "category": "external",
          "summary": "RHBZ#250725",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250725"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788"
        }
      ],
      "release_date": "2007-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T14:09:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0100"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit"
    },
    {
      "cve": "CVE-2007-2789",
      "discovery_date": "2007-05-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "250729"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "BMP image parser vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-2789"
        },
        {
          "category": "external",
          "summary": "RHBZ#250729",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250729"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-2789"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789"
        }
      ],
      "release_date": "2007-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T14:09:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0100"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "BMP image parser vulnerability"
    },
    {
      "cve": "CVE-2007-3698",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "249539"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3698"
        },
        {
          "category": "external",
          "summary": "RHBZ#249539",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=249539"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3698"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3698",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3698"
        }
      ],
      "release_date": "2007-07-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T14:09:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0100"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition"
    },
    {
      "cve": "CVE-2007-4381",
      "discovery_date": "2007-08-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "253488"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "java: Vulnerability in the font parsing code",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4381"
        },
        {
          "category": "external",
          "summary": "RHBZ#253488",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253488"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4381",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4381"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4381",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4381"
        }
      ],
      "release_date": "2007-08-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T14:09:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0100"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "java: Vulnerability in the font parsing code"
    },
    {
      "cve": "CVE-2007-5232",
      "discovery_date": "2007-10-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "321951"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet\u0027s outbound connections via a DNS rebinding attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Security Vulnerability in Java Runtime Environment With Applet Caching",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5232"
        },
        {
          "category": "external",
          "summary": "RHBZ#321951",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=321951"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5232"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5232",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5232"
        }
      ],
      "release_date": "2007-10-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T14:09:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0100"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Security Vulnerability in Java Runtime Environment With Applet Caching"
    },
    {
      "cve": "CVE-2007-5239",
      "discovery_date": "2007-10-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "321981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Untrusted Application or Applet May Move or Copy Arbitrary Files",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5239"
        },
        {
          "category": "external",
          "summary": "RHBZ#321981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=321981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5239",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5239"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5239",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5239"
        }
      ],
      "release_date": "2007-10-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T14:09:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0100"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Untrusted Application or Applet May Move or Copy Arbitrary Files"
    },
    {
      "cve": "CVE-2007-5240",
      "discovery_date": "2007-10-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "321991"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Applets or Applications are allowed to display an oversized window",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5240"
        },
        {
          "category": "external",
          "summary": "RHBZ#321991",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=321991"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5240",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5240"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5240",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5240"
        }
      ],
      "release_date": "2007-10-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T14:09:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0100"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Applets or Applications are allowed to display an oversized window"
    },
    {
      "cve": "CVE-2007-5273",
      "discovery_date": "2007-07-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "324351"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet\u0027s outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet\u0027s socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Anti-DNS Pinning and Java Applets with HTTP proxy",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
          "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
          "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
          "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5273"
        },
        {
          "category": "external",
          "summary": "RHBZ#324351",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=324351"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5273"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5273",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5273"
        }
      ],
      "release_date": "2007-07-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-03-11T14:09:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3AS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3Desktop-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3ES-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el3.ia64",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.i686",
            "3WS-LACD:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el3.ia64",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Client-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Client-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-demo-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-devel-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-jdbc-0:1.4.2.16-1jpp.1.el5.ia64",
            "5Server-Supplementary:java-1.4.2-bea-missioncontrol-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.i686",
            "5Server-Supplementary:java-1.4.2-bea-src-0:1.4.2.16-1jpp.1.el5.ia64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0100"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Anti-DNS Pinning and Java Applets with HTTP proxy"
    }
  ]
}

cve-2007-5239

Vulnerability from cvelistv5

Published

2007-10-06 00:00

Modified

2024-08-07 15:24

Severity ?

Summary

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2008-0132.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2007-1041.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2007/3895	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/30676	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29042	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27693	third-party-advisory, x_refsource_SECUNIA
	http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html	x_refsource_CONFIRM
	http://www.novell.com/linux/security/advisories/2007_55_java.html	vendor-advisory, x_refsource_SUSE
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1	vendor-advisory, x_refsource_SUNALERT
	https://exchange.xforce.ibmcloud.com/vulnerabilities/36950	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/29897	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27206	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27804	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200804-28.xml	vendor-advisory, x_refsource_GENTOO
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/29858	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-0963.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2008-0100.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2008/0609	vdb-entry, x_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/27261	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/482926/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/28777	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0156.html	vendor-advisory, x_refsource_REDHAT
	http://dev2dev.bea.com/pub/advisory/272	vendor-advisory, x_refsource_BEA
	http://secunia.com/advisories/30780	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1018814	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/28880	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27716	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1856/references	vdb-entry, x_refsource_VUPEN
	http://www.vmware.com/security/advisories/VMSA-2008-0010.html	x_refsource_CONFIRM
	http://secunia.com/advisories/29214	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29340	third-party-advisory, x_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	vendor-advisory, x_refsource_GENTOO
	http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	vendor-advisory, x_refsource_GENTOO
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758	vdb-entry, signature, x_refsource_OVAL

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:42.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2008:0132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
          },
          {
            "name": "RHSA-2007:1041",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
          },
          {
            "name": "ADV-2007-3895",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3895"
          },
          {
            "name": "30676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30676"
          },
          {
            "name": "29042",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29042"
          },
          {
            "name": "27693",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
          },
          {
            "name": "SUSE-SA:2007:055",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
          },
          {
            "name": "103072",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1"
          },
          {
            "name": "sun-java-dragdrop-weak-security(36950)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36950"
          },
          {
            "name": "29897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29897"
          },
          {
            "name": "27206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27206"
          },
          {
            "name": "27804",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27804"
          },
          {
            "name": "GLSA-200804-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "HPSBUX02284",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
          },
          {
            "name": "29858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "name": "RHSA-2007:0963",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
          },
          {
            "name": "RHSA-2008:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
          },
          {
            "name": "ADV-2008-0609",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0609"
          },
          {
            "name": "SUSE-SA:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
          },
          {
            "name": "27261",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27261"
          },
          {
            "name": "SSRT071483",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
          },
          {
            "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
          },
          {
            "name": "28777",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28777"
          },
          {
            "name": "RHSA-2008:0156",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
          },
          {
            "name": "BEA08-198.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/272"
          },
          {
            "name": "30780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "1018814",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018814"
          },
          {
            "name": "28880",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28880"
          },
          {
            "name": "27716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27716"
          },
          {
            "name": "ADV-2008-1856",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1856/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
          },
          {
            "name": "29214",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29214"
          },
          {
            "name": "29340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29340"
          },
          {
            "name": "GLSA-200804-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:8758",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2008:0132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
        },
        {
          "name": "RHSA-2007:1041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
        },
        {
          "name": "ADV-2007-3895",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3895"
        },
        {
          "name": "30676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30676"
        },
        {
          "name": "29042",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29042"
        },
        {
          "name": "27693",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
        },
        {
          "name": "SUSE-SA:2007:055",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
        },
        {
          "name": "103072",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1"
        },
        {
          "name": "sun-java-dragdrop-weak-security(36950)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36950"
        },
        {
          "name": "29897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29897"
        },
        {
          "name": "27206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27206"
        },
        {
          "name": "27804",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27804"
        },
        {
          "name": "GLSA-200804-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
        },
        {
          "name": "HPSBUX02284",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
        },
        {
          "name": "29858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29858"
        },
        {
          "name": "RHSA-2007:0963",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
        },
        {
          "name": "RHSA-2008:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
        },
        {
          "name": "ADV-2008-0609",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0609"
        },
        {
          "name": "SUSE-SA:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
        },
        {
          "name": "27261",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27261"
        },
        {
          "name": "SSRT071483",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
        },
        {
          "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
        },
        {
          "name": "28777",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28777"
        },
        {
          "name": "RHSA-2008:0156",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
        },
        {
          "name": "BEA08-198.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/272"
        },
        {
          "name": "30780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30780"
        },
        {
          "name": "1018814",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018814"
        },
        {
          "name": "28880",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28880"
        },
        {
          "name": "27716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27716"
        },
        {
          "name": "ADV-2008-1856",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1856/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
        },
        {
          "name": "29214",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29214"
        },
        {
          "name": "29340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29340"
        },
        {
          "name": "GLSA-200804-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
        },
        {
          "name": "GLSA-200806-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:8758",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2008:0132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
            },
            {
              "name": "RHSA-2007:1041",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
            },
            {
              "name": "ADV-2007-3895",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3895"
            },
            {
              "name": "30676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30676"
            },
            {
              "name": "29042",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29042"
            },
            {
              "name": "27693",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27693"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
            },
            {
              "name": "SUSE-SA:2007:055",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
            },
            {
              "name": "103072",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1"
            },
            {
              "name": "sun-java-dragdrop-weak-security(36950)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36950"
            },
            {
              "name": "29897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29897"
            },
            {
              "name": "27206",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27206"
            },
            {
              "name": "27804",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27804"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "HPSBUX02284",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "RHSA-2007:0963",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
            },
            {
              "name": "RHSA-2008:0100",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
            },
            {
              "name": "ADV-2008-0609",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0609"
            },
            {
              "name": "SUSE-SA:2008:025",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
            },
            {
              "name": "27261",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27261"
            },
            {
              "name": "SSRT071483",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
            },
            {
              "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
            },
            {
              "name": "28777",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28777"
            },
            {
              "name": "RHSA-2008:0156",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
            },
            {
              "name": "BEA08-198.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/272"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "1018814",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018814"
            },
            {
              "name": "28880",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28880"
            },
            {
              "name": "27716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27716"
            },
            {
              "name": "ADV-2008-1856",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1856/references"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
            },
            {
              "name": "29214",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29214"
            },
            {
              "name": "29340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29340"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:8758",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8758"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5239",
    "datePublished": "2007-10-06T00:00:00",
    "dateReserved": "2007-10-05T00:00:00",
    "dateUpdated": "2024-08-07T15:24:42.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4381

Vulnerability from cvelistv5

Published

2007-08-17 21:12

Modified

2024-08-07 14:53

Severity ?

Summary

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2008-0132.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26933	third-party-advisory, x_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=307177	x_refsource_MISC
	http://secunia.com/advisories/26402	third-party-advisory, x_refsource_SECUNIA
	http://dev2dev.bea.com/pub/advisory/248	vendor-advisory, x_refsource_BEA
	http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html	x_refsource_CONFIRM
	http://secunia.com/advisories/29897	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/28056	third-party-advisory, x_refsource_SECUNIA
	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2008-0100.html	vendor-advisory, x_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10290	vdb-entry, signature, x_refsource_OVAL
	http://www.vupen.com/english/advisories/2007/2910	vdb-entry, x_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2007-0956.html	vendor-advisory, x_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilities/36061	vdb-entry, x_refsource_XF
	http://www.securitytracker.com/id?1018576	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/28777	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/4224	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2007/3009	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/28880	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27716	third-party-advisory, x_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/28115	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29340	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/25340	vdb-entry, x_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2007-1086.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/27203	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26631	third-party-advisory, x_refsource_SECUNIA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:53:55.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2008:0132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
          },
          {
            "name": "26933",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "26402",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26402"
          },
          {
            "name": "BEA07-177.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/248"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
          },
          {
            "name": "29897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29897"
          },
          {
            "name": "103024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1"
          },
          {
            "name": "28056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28056"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "RHSA-2008:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10290",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10290"
          },
          {
            "name": "ADV-2007-2910",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2910"
          },
          {
            "name": "SUSE-SA:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
          },
          {
            "name": "RHSA-2007:0956",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
          },
          {
            "name": "sun-java-font-privilege-escalation(36061)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36061"
          },
          {
            "name": "1018576",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018576"
          },
          {
            "name": "28777",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28777"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "ADV-2007-3009",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3009"
          },
          {
            "name": "28880",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28880"
          },
          {
            "name": "27716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27716"
          },
          {
            "name": "GLSA-200709-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "29340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29340"
          },
          {
            "name": "25340",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25340"
          },
          {
            "name": "RHSA-2007:1086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
          },
          {
            "name": "27203",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27203"
          },
          {
            "name": "26631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26631"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2008:0132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
        },
        {
          "name": "26933",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "26402",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26402"
        },
        {
          "name": "BEA07-177.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/248"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
        },
        {
          "name": "29897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29897"
        },
        {
          "name": "103024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1"
        },
        {
          "name": "28056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28056"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "RHSA-2008:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10290",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10290"
        },
        {
          "name": "ADV-2007-2910",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2910"
        },
        {
          "name": "SUSE-SA:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
        },
        {
          "name": "RHSA-2007:0956",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
        },
        {
          "name": "sun-java-font-privilege-escalation(36061)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36061"
        },
        {
          "name": "1018576",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018576"
        },
        {
          "name": "28777",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28777"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "ADV-2007-3009",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3009"
        },
        {
          "name": "28880",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28880"
        },
        {
          "name": "27716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27716"
        },
        {
          "name": "GLSA-200709-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "29340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29340"
        },
        {
          "name": "25340",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25340"
        },
        {
          "name": "RHSA-2007:1086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
        },
        {
          "name": "27203",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27203"
        },
        {
          "name": "26631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26631"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4381",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2008:0132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
            },
            {
              "name": "26933",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26933"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307177",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=307177"
            },
            {
              "name": "26402",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26402"
            },
            {
              "name": "BEA07-177.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/248"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
            },
            {
              "name": "29897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29897"
            },
            {
              "name": "103024",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1"
            },
            {
              "name": "28056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28056"
            },
            {
              "name": "APPLE-SA-2007-12-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
            },
            {
              "name": "RHSA-2008:0100",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10290",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10290"
            },
            {
              "name": "ADV-2007-2910",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2910"
            },
            {
              "name": "SUSE-SA:2008:025",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
            },
            {
              "name": "RHSA-2007:0956",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
            },
            {
              "name": "sun-java-font-privilege-escalation(36061)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36061"
            },
            {
              "name": "1018576",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018576"
            },
            {
              "name": "28777",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28777"
            },
            {
              "name": "ADV-2007-4224",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4224"
            },
            {
              "name": "ADV-2007-3009",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3009"
            },
            {
              "name": "28880",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28880"
            },
            {
              "name": "27716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27716"
            },
            {
              "name": "GLSA-200709-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
            },
            {
              "name": "28115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28115"
            },
            {
              "name": "29340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29340"
            },
            {
              "name": "25340",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25340"
            },
            {
              "name": "RHSA-2007:1086",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
            },
            {
              "name": "27203",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27203"
            },
            {
              "name": "26631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26631"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4381",
    "datePublished": "2007-08-17T21:12:00",
    "dateReserved": "2007-08-17T00:00:00",
    "dateUpdated": "2024-08-07T14:53:55.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5240

Vulnerability from cvelistv5

Published

2007-10-06 00:00

Modified

2024-08-07 15:24

Severity ?

Summary

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2008-0132.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2007-1041.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2007/3895	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/30676	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29042	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27693	third-party-advisory, x_refsource_SECUNIA
	http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html	x_refsource_CONFIRM
	http://www.novell.com/linux/security/advisories/2007_55_java.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/31586	third-party-advisory, x_refsource_SECUNIA
	http://download.novell.com/Download?buildid=q5exhSqeBjA~	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/36942	vdb-entry, x_refsource_XF
	http://www.securitytracker.com/id?1018769	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/29897	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27206	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27804	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200804-28.xml	vendor-advisory, x_refsource_GENTOO
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/29858	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-0963.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/25918	vdb-entry, x_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2008-0100.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2008/0609	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10783	vdb-entry, signature, x_refsource_OVAL
	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/27261	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/482926/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/28777	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1	vendor-advisory, x_refsource_SUNALERT
	http://www.redhat.com/support/errata/RHSA-2008-0156.html	vendor-advisory, x_refsource_REDHAT
	http://dev2dev.bea.com/pub/advisory/272	vendor-advisory, x_refsource_BEA
	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html	x_refsource_CONFIRM
	http://secunia.com/advisories/30780	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28880	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27716	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1856/references	vdb-entry, x_refsource_VUPEN
	http://www.vmware.com/security/advisories/VMSA-2008-0010.html	x_refsource_CONFIRM
	http://secunia.com/advisories/29214	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29340	third-party-advisory, x_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	vendor-advisory, x_refsource_GENTOO
	http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/31580	third-party-advisory, x_refsource_SECUNIA

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:42.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2008:0132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
          },
          {
            "name": "RHSA-2007:1041",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
          },
          {
            "name": "ADV-2007-3895",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3895"
          },
          {
            "name": "30676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30676"
          },
          {
            "name": "29042",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29042"
          },
          {
            "name": "27693",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
          },
          {
            "name": "SUSE-SA:2007:055",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
          },
          {
            "name": "31586",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31586"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~"
          },
          {
            "name": "sun-javawarning-weak-security(36942)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36942"
          },
          {
            "name": "1018769",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018769"
          },
          {
            "name": "29897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29897"
          },
          {
            "name": "27206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27206"
          },
          {
            "name": "27804",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27804"
          },
          {
            "name": "GLSA-200804-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "HPSBUX02284",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
          },
          {
            "name": "29858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "name": "RHSA-2007:0963",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
          },
          {
            "name": "25918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25918"
          },
          {
            "name": "RHSA-2008:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
          },
          {
            "name": "ADV-2008-0609",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0609"
          },
          {
            "name": "oval:org.mitre.oval:def:10783",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10783"
          },
          {
            "name": "SUSE-SA:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
          },
          {
            "name": "27261",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27261"
          },
          {
            "name": "SSRT071483",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
          },
          {
            "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
          },
          {
            "name": "28777",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28777"
          },
          {
            "name": "103071",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1"
          },
          {
            "name": "RHSA-2008:0156",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
          },
          {
            "name": "BEA08-198.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/272"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html"
          },
          {
            "name": "30780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "28880",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28880"
          },
          {
            "name": "27716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27716"
          },
          {
            "name": "ADV-2008-1856",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1856/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
          },
          {
            "name": "29214",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29214"
          },
          {
            "name": "29340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29340"
          },
          {
            "name": "GLSA-200804-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          },
          {
            "name": "31580",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31580"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2008:0132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
        },
        {
          "name": "RHSA-2007:1041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
        },
        {
          "name": "ADV-2007-3895",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3895"
        },
        {
          "name": "30676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30676"
        },
        {
          "name": "29042",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29042"
        },
        {
          "name": "27693",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
        },
        {
          "name": "SUSE-SA:2007:055",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
        },
        {
          "name": "31586",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31586"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~"
        },
        {
          "name": "sun-javawarning-weak-security(36942)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36942"
        },
        {
          "name": "1018769",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018769"
        },
        {
          "name": "29897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29897"
        },
        {
          "name": "27206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27206"
        },
        {
          "name": "27804",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27804"
        },
        {
          "name": "GLSA-200804-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
        },
        {
          "name": "HPSBUX02284",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
        },
        {
          "name": "29858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29858"
        },
        {
          "name": "RHSA-2007:0963",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
        },
        {
          "name": "25918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25918"
        },
        {
          "name": "RHSA-2008:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
        },
        {
          "name": "ADV-2008-0609",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0609"
        },
        {
          "name": "oval:org.mitre.oval:def:10783",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10783"
        },
        {
          "name": "SUSE-SA:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
        },
        {
          "name": "27261",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27261"
        },
        {
          "name": "SSRT071483",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
        },
        {
          "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
        },
        {
          "name": "28777",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28777"
        },
        {
          "name": "103071",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1"
        },
        {
          "name": "RHSA-2008:0156",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
        },
        {
          "name": "BEA08-198.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/272"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html"
        },
        {
          "name": "30780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30780"
        },
        {
          "name": "28880",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28880"
        },
        {
          "name": "27716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27716"
        },
        {
          "name": "ADV-2008-1856",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1856/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
        },
        {
          "name": "29214",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29214"
        },
        {
          "name": "29340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29340"
        },
        {
          "name": "GLSA-200804-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
        },
        {
          "name": "GLSA-200806-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
        },
        {
          "name": "31580",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31580"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5240",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2008:0132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
            },
            {
              "name": "RHSA-2007:1041",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
            },
            {
              "name": "ADV-2007-3895",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3895"
            },
            {
              "name": "30676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30676"
            },
            {
              "name": "29042",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29042"
            },
            {
              "name": "27693",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27693"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
            },
            {
              "name": "SUSE-SA:2007:055",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
            },
            {
              "name": "31586",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31586"
            },
            {
              "name": "http://download.novell.com/Download?buildid=q5exhSqeBjA~",
              "refsource": "CONFIRM",
              "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~"
            },
            {
              "name": "sun-javawarning-weak-security(36942)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36942"
            },
            {
              "name": "1018769",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018769"
            },
            {
              "name": "29897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29897"
            },
            {
              "name": "27206",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27206"
            },
            {
              "name": "27804",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27804"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "HPSBUX02284",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "RHSA-2007:0963",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
            },
            {
              "name": "25918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25918"
            },
            {
              "name": "RHSA-2008:0100",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
            },
            {
              "name": "ADV-2008-0609",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0609"
            },
            {
              "name": "oval:org.mitre.oval:def:10783",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10783"
            },
            {
              "name": "SUSE-SA:2008:025",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
            },
            {
              "name": "27261",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27261"
            },
            {
              "name": "SSRT071483",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
            },
            {
              "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
            },
            {
              "name": "28777",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28777"
            },
            {
              "name": "103071",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1"
            },
            {
              "name": "RHSA-2008:0156",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
            },
            {
              "name": "BEA08-198.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/272"
            },
            {
              "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "28880",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28880"
            },
            {
              "name": "27716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27716"
            },
            {
              "name": "ADV-2008-1856",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1856/references"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
            },
            {
              "name": "29214",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29214"
            },
            {
              "name": "29340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29340"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            },
            {
              "name": "31580",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31580"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5240",
    "datePublished": "2007-10-06T00:00:00",
    "dateReserved": "2007-10-05T00:00:00",
    "dateUpdated": "2024-08-07T15:24:42.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3698

Vulnerability from cvelistv5

Published

2007-07-11 22:00

Modified

2024-08-07 14:28

Severity ?

Summary

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2008-0132.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2007-0818.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2007/2660	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/26933	third-party-advisory, x_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=307177	x_refsource_MISC
	http://www.securityfocus.com/bid/24846	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/26314	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634	vdb-entry, signature, x_refsource_OVAL
	http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html	x_refsource_CONFIRM
	http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html	vendor-advisory, x_refsource_CISCO
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35333	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/29897	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26015	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28056	third-party-advisory, x_refsource_SECUNIA
	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2008-0100.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26221	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2007-0956.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26645	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/28777	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450	vendor-advisory, x_refsource_HP
	http://www.securitytracker.com/id?1018357	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/4224	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2007/3861	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2007/3009	vdb-entry, x_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/28880	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27716	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/36663	vdb-entry, x_refsource_OSVDB
	http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/28115	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29340	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2495	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2007-1086.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/27203	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26631	third-party-advisory, x_refsource_SECUNIA
	http://dev2dev.bea.com/pub/advisory/249	vendor-advisory, x_refsource_BEA
	http://secunia.com/advisories/27635	third-party-advisory, x_refsource_SECUNIA
	http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:51.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2008:0132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
          },
          {
            "name": "RHSA-2007:0818",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
          },
          {
            "name": "ADV-2007-2660",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2660"
          },
          {
            "name": "26933",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "24846",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24846"
          },
          {
            "name": "26314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26314"
          },
          {
            "name": "oval:org.mitre.oval:def:10634",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
          },
          {
            "name": "20070725 Vulnerability in Java Secure Socket Extension",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html"
          },
          {
            "name": "sun-jsse-ssltls-dos(35333)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35333"
          },
          {
            "name": "29897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29897"
          },
          {
            "name": "26015",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26015"
          },
          {
            "name": "28056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28056"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "RHSA-2008:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
          },
          {
            "name": "26221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26221"
          },
          {
            "name": "SUSE-SA:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
          },
          {
            "name": "RHSA-2007:0956",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
          },
          {
            "name": "26645",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26645"
          },
          {
            "name": "SSRT071465",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
          },
          {
            "name": "28777",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28777"
          },
          {
            "name": "HPSBMA02288",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
          },
          {
            "name": "1018357",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018357"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "ADV-2007-3861",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3861"
          },
          {
            "name": "ADV-2007-3009",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3009"
          },
          {
            "name": "102997",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1"
          },
          {
            "name": "28880",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28880"
          },
          {
            "name": "27716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27716"
          },
          {
            "name": "36663",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36663"
          },
          {
            "name": "GLSA-200709-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "29340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29340"
          },
          {
            "name": "ADV-2007-2495",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2495"
          },
          {
            "name": "RHSA-2007:1086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
          },
          {
            "name": "27203",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27203"
          },
          {
            "name": "26631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26631"
          },
          {
            "name": "BEA07-178.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/249"
          },
          {
            "name": "27635",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2008:0132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
        },
        {
          "name": "RHSA-2007:0818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
        },
        {
          "name": "ADV-2007-2660",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2660"
        },
        {
          "name": "26933",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "24846",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24846"
        },
        {
          "name": "26314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26314"
        },
        {
          "name": "oval:org.mitre.oval:def:10634",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
        },
        {
          "name": "20070725 Vulnerability in Java Secure Socket Extension",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html"
        },
        {
          "name": "sun-jsse-ssltls-dos(35333)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35333"
        },
        {
          "name": "29897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29897"
        },
        {
          "name": "26015",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26015"
        },
        {
          "name": "28056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28056"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "RHSA-2008:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
        },
        {
          "name": "26221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26221"
        },
        {
          "name": "SUSE-SA:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
        },
        {
          "name": "RHSA-2007:0956",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
        },
        {
          "name": "26645",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26645"
        },
        {
          "name": "SSRT071465",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
        },
        {
          "name": "28777",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28777"
        },
        {
          "name": "HPSBMA02288",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
        },
        {
          "name": "1018357",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018357"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "ADV-2007-3861",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3861"
        },
        {
          "name": "ADV-2007-3009",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3009"
        },
        {
          "name": "102997",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1"
        },
        {
          "name": "28880",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28880"
        },
        {
          "name": "27716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27716"
        },
        {
          "name": "36663",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36663"
        },
        {
          "name": "GLSA-200709-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "29340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29340"
        },
        {
          "name": "ADV-2007-2495",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2495"
        },
        {
          "name": "RHSA-2007:1086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
        },
        {
          "name": "27203",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27203"
        },
        {
          "name": "26631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26631"
        },
        {
          "name": "BEA07-178.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/249"
        },
        {
          "name": "27635",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3698",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2008:0132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
            },
            {
              "name": "RHSA-2007:0818",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0818.html"
            },
            {
              "name": "ADV-2007-2660",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2660"
            },
            {
              "name": "26933",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26933"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307177",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=307177"
            },
            {
              "name": "24846",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24846"
            },
            {
              "name": "26314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26314"
            },
            {
              "name": "oval:org.mitre.oval:def:10634",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10634"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
            },
            {
              "name": "20070725 Vulnerability in Java Secure Socket Extension",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html"
            },
            {
              "name": "sun-jsse-ssltls-dos(35333)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35333"
            },
            {
              "name": "29897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29897"
            },
            {
              "name": "26015",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26015"
            },
            {
              "name": "28056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28056"
            },
            {
              "name": "APPLE-SA-2007-12-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
            },
            {
              "name": "RHSA-2008:0100",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
            },
            {
              "name": "26221",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26221"
            },
            {
              "name": "SUSE-SA:2008:025",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
            },
            {
              "name": "RHSA-2007:0956",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
            },
            {
              "name": "26645",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26645"
            },
            {
              "name": "SSRT071465",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
            },
            {
              "name": "28777",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28777"
            },
            {
              "name": "HPSBMA02288",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450"
            },
            {
              "name": "1018357",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018357"
            },
            {
              "name": "ADV-2007-4224",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4224"
            },
            {
              "name": "ADV-2007-3861",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3861"
            },
            {
              "name": "ADV-2007-3009",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3009"
            },
            {
              "name": "102997",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1"
            },
            {
              "name": "28880",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28880"
            },
            {
              "name": "27716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27716"
            },
            {
              "name": "36663",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36663"
            },
            {
              "name": "GLSA-200709-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
            },
            {
              "name": "28115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28115"
            },
            {
              "name": "29340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29340"
            },
            {
              "name": "ADV-2007-2495",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2495"
            },
            {
              "name": "RHSA-2007:1086",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
            },
            {
              "name": "27203",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27203"
            },
            {
              "name": "26631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26631"
            },
            {
              "name": "BEA07-178.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/249"
            },
            {
              "name": "27635",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27635"
            },
            {
              "name": "http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3698",
    "datePublished": "2007-07-11T22:00:00",
    "dateReserved": "2007-07-11T00:00:00",
    "dateUpdated": "2024-08-07T14:28:51.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-2788

Vulnerability from cvelistv5

Published

2007-05-22 00:00

Modified

2024-08-07 13:49

Severity ?

Summary

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.

References

▼	URL	Tags
	http://secunia.com/advisories/26933	third-party-advisory, x_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=307177	x_refsource_MISC
	http://lists.vmware.com/pipermail/security-announce/2008/000003.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/26049	third-party-advisory, x_refsource_SECUNIA
	http://dev2dev.bea.com/pub/advisory/248	vendor-advisory, x_refsource_BEA
	http://secunia.com/advisories/26311	third-party-advisory, x_refsource_SECUNIA
	http://www.attrition.org/pipermail/vim/2007-July/001696.html	mailing-list, x_refsource_VIM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/34652	vdb-entry, x_refsource_XF
	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1	vendor-advisory, x_refsource_SUNALERT
	http://scary.beasts.org/security/CESA-2006-004.html	x_refsource_MISC
	http://secunia.com/advisories/30805	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0065	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/34318	vdb-entry, x_refsource_XF
	http://www.kb.cert.org/vuls/id/138545	third-party-advisory, x_refsource_CERT-VN
	http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/24004	vdb-entry, x_refsource_BID
	http://www.attrition.org/pipermail/vim/2007-December/001862.html	mailing-list, x_refsource_VIM
	http://secunia.com/advisories/26369	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200804-28.xml	vendor-advisory, x_refsource_GENTOO
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/28056	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29858	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2007_45_java.html	vendor-advisory, x_refsource_SUSE
	http://www.vupen.com/english/advisories/2007/1836	vdb-entry, x_refsource_VUPEN
	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2008-0100.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2007-0956.html	vendor-advisory, x_refsource_REDHAT
	http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2007-0817.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26645	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26119	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28365	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/24267	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/25832	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/4224	vdb-entry, x_refsource_VUPEN
	http://security.gentoo.org/glsa/glsa-200706-08.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/30780	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/25295	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/3009	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/27266	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html	vendor-advisory, x_refsource_SUSE
	http://www.attrition.org/pipermail/vim/2007-July/001708.html	mailing-list, x_refsource_VIM
	http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/28115	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1018182	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/29340	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/25474	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-1086.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/27203	third-party-advisory, x_refsource_SECUNIA
	http://www.attrition.org/pipermail/vim/2007-July/001697.html	mailing-list, x_refsource_VIM
	http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	vendor-advisory, x_refsource_GENTOO
	http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	vendor-advisory, x_refsource_GENTOO
	http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2007-0829.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26631	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2008-0133.html	vendor-advisory, x_refsource_REDHAT

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:49:57.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26933",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
          },
          {
            "name": "26049",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26049"
          },
          {
            "name": "BEA07-177.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/248"
          },
          {
            "name": "26311",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26311"
          },
          {
            "name": "20070703 Sun JDK Confusion",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html"
          },
          {
            "name": "sun-java-image-bo(34652)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34652"
          },
          {
            "name": "200856",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://scary.beasts.org/security/CESA-2006-004.html"
          },
          {
            "name": "30805",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30805"
          },
          {
            "name": "ADV-2008-0065",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0065"
          },
          {
            "name": "sunjava-iccprofile-overflow(34318)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34318"
          },
          {
            "name": "VU#138545",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/138545"
          },
          {
            "name": "GLSA-200705-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
          },
          {
            "name": "24004",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24004"
          },
          {
            "name": "20071218 Sun JDK Confusion Revisited",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html"
          },
          {
            "name": "26369",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26369"
          },
          {
            "name": "GLSA-200804-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "102934",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1"
          },
          {
            "name": "28056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28056"
          },
          {
            "name": "29858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "name": "SUSE-SA:2007:045",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"
          },
          {
            "name": "ADV-2007-1836",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1836"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "RHSA-2008:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
          },
          {
            "name": "RHSA-2007:0956",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
          },
          {
            "name": "RHSA-2007:0817",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
          },
          {
            "name": "26645",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26645"
          },
          {
            "name": "26119",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26119"
          },
          {
            "name": "28365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28365"
          },
          {
            "name": "24267",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24267"
          },
          {
            "name": "25832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25832"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "GLSA-200706-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml"
          },
          {
            "name": "30780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "25295",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25295"
          },
          {
            "name": "ADV-2007-3009",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3009"
          },
          {
            "name": "27266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27266"
          },
          {
            "name": "SUSE-SA:2007:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
          },
          {
            "name": "20070711 Sun JDK Confusion",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html"
          },
          {
            "name": "GLSA-200709-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "1018182",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018182"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "29340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29340"
          },
          {
            "name": "25474",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25474"
          },
          {
            "name": "RHSA-2007:1086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
          },
          {
            "name": "27203",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27203"
          },
          {
            "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html"
          },
          {
            "name": "GLSA-200804-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
          },
          {
            "name": "RHSA-2007:0829",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
          },
          {
            "name": "26631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26631"
          },
          {
            "name": "oval:org.mitre.oval:def:11700",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700"
          },
          {
            "name": "RHSA-2008:0133",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26933",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
        },
        {
          "name": "26049",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26049"
        },
        {
          "name": "BEA07-177.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/248"
        },
        {
          "name": "26311",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26311"
        },
        {
          "name": "20070703 Sun JDK Confusion",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html"
        },
        {
          "name": "sun-java-image-bo(34652)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34652"
        },
        {
          "name": "200856",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://scary.beasts.org/security/CESA-2006-004.html"
        },
        {
          "name": "30805",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30805"
        },
        {
          "name": "ADV-2008-0065",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0065"
        },
        {
          "name": "sunjava-iccprofile-overflow(34318)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34318"
        },
        {
          "name": "VU#138545",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/138545"
        },
        {
          "name": "GLSA-200705-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
        },
        {
          "name": "24004",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24004"
        },
        {
          "name": "20071218 Sun JDK Confusion Revisited",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html"
        },
        {
          "name": "26369",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26369"
        },
        {
          "name": "GLSA-200804-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
        },
        {
          "name": "102934",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1"
        },
        {
          "name": "28056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28056"
        },
        {
          "name": "29858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29858"
        },
        {
          "name": "SUSE-SA:2007:045",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"
        },
        {
          "name": "ADV-2007-1836",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1836"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "RHSA-2008:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
        },
        {
          "name": "RHSA-2007:0956",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
        },
        {
          "name": "RHSA-2007:0817",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
        },
        {
          "name": "26645",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26645"
        },
        {
          "name": "26119",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26119"
        },
        {
          "name": "28365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28365"
        },
        {
          "name": "24267",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24267"
        },
        {
          "name": "25832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25832"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "GLSA-200706-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml"
        },
        {
          "name": "30780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30780"
        },
        {
          "name": "25295",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25295"
        },
        {
          "name": "ADV-2007-3009",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3009"
        },
        {
          "name": "27266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27266"
        },
        {
          "name": "SUSE-SA:2007:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
        },
        {
          "name": "20070711 Sun JDK Confusion",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html"
        },
        {
          "name": "GLSA-200709-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "1018182",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018182"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "name": "29340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29340"
        },
        {
          "name": "25474",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25474"
        },
        {
          "name": "RHSA-2007:1086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
        },
        {
          "name": "27203",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27203"
        },
        {
          "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html"
        },
        {
          "name": "GLSA-200804-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
        },
        {
          "name": "GLSA-200806-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
        },
        {
          "name": "RHSA-2007:0829",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
        },
        {
          "name": "26631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26631"
        },
        {
          "name": "oval:org.mitre.oval:def:11700",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700"
        },
        {
          "name": "RHSA-2008:0133",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26933",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26933"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307177",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=307177"
            },
            {
              "name": "[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
            },
            {
              "name": "26049",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26049"
            },
            {
              "name": "BEA07-177.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/248"
            },
            {
              "name": "26311",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26311"
            },
            {
              "name": "20070703 Sun JDK Confusion",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html"
            },
            {
              "name": "sun-java-image-bo(34652)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34652"
            },
            {
              "name": "200856",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1"
            },
            {
              "name": "http://scary.beasts.org/security/CESA-2006-004.html",
              "refsource": "MISC",
              "url": "http://scary.beasts.org/security/CESA-2006-004.html"
            },
            {
              "name": "30805",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30805"
            },
            {
              "name": "ADV-2008-0065",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0065"
            },
            {
              "name": "sunjava-iccprofile-overflow(34318)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34318"
            },
            {
              "name": "VU#138545",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/138545"
            },
            {
              "name": "GLSA-200705-23",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
            },
            {
              "name": "24004",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24004"
            },
            {
              "name": "20071218 Sun JDK Confusion Revisited",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html"
            },
            {
              "name": "26369",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26369"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "102934",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1"
            },
            {
              "name": "28056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28056"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "SUSE-SA:2007:045",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"
            },
            {
              "name": "ADV-2007-1836",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1836"
            },
            {
              "name": "APPLE-SA-2007-12-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
            },
            {
              "name": "RHSA-2008:0100",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
            },
            {
              "name": "RHSA-2007:0956",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
            },
            {
              "name": "RHSA-2007:0817",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
            },
            {
              "name": "26645",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26645"
            },
            {
              "name": "26119",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26119"
            },
            {
              "name": "28365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28365"
            },
            {
              "name": "24267",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24267"
            },
            {
              "name": "25832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25832"
            },
            {
              "name": "ADV-2007-4224",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4224"
            },
            {
              "name": "GLSA-200706-08",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "25295",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25295"
            },
            {
              "name": "ADV-2007-3009",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3009"
            },
            {
              "name": "27266",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27266"
            },
            {
              "name": "SUSE-SA:2007:056",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
            },
            {
              "name": "20070711 Sun JDK Confusion",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html"
            },
            {
              "name": "GLSA-200709-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
            },
            {
              "name": "28115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28115"
            },
            {
              "name": "1018182",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018182"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "29340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29340"
            },
            {
              "name": "25474",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25474"
            },
            {
              "name": "RHSA-2007:1086",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
            },
            {
              "name": "27203",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27203"
            },
            {
              "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
            },
            {
              "name": "RHSA-2007:0829",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
            },
            {
              "name": "26631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26631"
            },
            {
              "name": "oval:org.mitre.oval:def:11700",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11700"
            },
            {
              "name": "RHSA-2008:0133",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2788",
    "datePublished": "2007-05-22T00:00:00",
    "dateReserved": "2007-05-21T00:00:00",
    "dateUpdated": "2024-08-07T13:49:57.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-2789

Vulnerability from cvelistv5

Published

2007-05-22 00:00

Modified

2024-08-07 13:49

Severity ?

Summary

The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.

References

▼	URL	Tags
	http://secunia.com/advisories/26933	third-party-advisory, x_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=307177	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/34654	vdb-entry, x_refsource_XF
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/26049	third-party-advisory, x_refsource_SECUNIA
	http://dev2dev.bea.com/pub/advisory/248	vendor-advisory, x_refsource_BEA
	http://secunia.com/advisories/26311	third-party-advisory, x_refsource_SECUNIA
	http://www.attrition.org/pipermail/vim/2007-July/001696.html	mailing-list, x_refsource_VIM
	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1	vendor-advisory, x_refsource_SUNALERT
	http://scary.beasts.org/security/CESA-2006-004.html	x_refsource_MISC
	http://secunia.com/advisories/30805	third-party-advisory, x_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/24004	vdb-entry, x_refsource_BID
	http://www.attrition.org/pipermail/vim/2007-December/001862.html	mailing-list, x_refsource_VIM
	http://secunia.com/advisories/26369	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200804-28.xml	vendor-advisory, x_refsource_GENTOO
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/28056	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29858	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2007_45_java.html	vendor-advisory, x_refsource_SUSE
	http://www.vupen.com/english/advisories/2007/1836	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/34320	vdb-entry, x_refsource_XF
	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2008-0100.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2007-0956.html	vendor-advisory, x_refsource_REDHAT
	http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2007-0817.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26645	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26119	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/25832	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/4224	vdb-entry, x_refsource_VUPEN
	http://security.gentoo.org/glsa/glsa-200706-08.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/30780	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/25295	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/3009	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/27266	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html	vendor-advisory, x_refsource_SUSE
	http://www.attrition.org/pipermail/vim/2007-July/001708.html	mailing-list, x_refsource_VIM
	http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/28115	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1018182	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2008-0261.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/29340	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/25474	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-1086.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/27203	third-party-advisory, x_refsource_SECUNIA
	http://www.attrition.org/pipermail/vim/2007-July/001697.html	mailing-list, x_refsource_VIM
	http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	vendor-advisory, x_refsource_GENTOO
	http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	vendor-advisory, x_refsource_GENTOO
	http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2007-0829.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/26631	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0133.html	vendor-advisory, x_refsource_REDHAT

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:49:57.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26933",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "sun-java-virtual-machine-dos(34654)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34654"
          },
          {
            "name": "oval:org.mitre.oval:def:10800",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800"
          },
          {
            "name": "26049",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26049"
          },
          {
            "name": "BEA07-177.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/248"
          },
          {
            "name": "26311",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26311"
          },
          {
            "name": "20070703 Sun JDK Confusion",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html"
          },
          {
            "name": "200856",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://scary.beasts.org/security/CESA-2006-004.html"
          },
          {
            "name": "30805",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30805"
          },
          {
            "name": "GLSA-200705-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
          },
          {
            "name": "24004",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24004"
          },
          {
            "name": "20071218 Sun JDK Confusion Revisited",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html"
          },
          {
            "name": "26369",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26369"
          },
          {
            "name": "GLSA-200804-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "102934",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1"
          },
          {
            "name": "28056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28056"
          },
          {
            "name": "29858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "name": "SUSE-SA:2007:045",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"
          },
          {
            "name": "ADV-2007-1836",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1836"
          },
          {
            "name": "sunjava-bmp-dos(34320)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34320"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "RHSA-2008:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
          },
          {
            "name": "RHSA-2007:0956",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
          },
          {
            "name": "RHSA-2007:0817",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
          },
          {
            "name": "26645",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26645"
          },
          {
            "name": "26119",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26119"
          },
          {
            "name": "25832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25832"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "GLSA-200706-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml"
          },
          {
            "name": "30780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "25295",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25295"
          },
          {
            "name": "ADV-2007-3009",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3009"
          },
          {
            "name": "27266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27266"
          },
          {
            "name": "SUSE-SA:2007:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
          },
          {
            "name": "20070711 Sun JDK Confusion",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html"
          },
          {
            "name": "GLSA-200709-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "1018182",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018182"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "29340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29340"
          },
          {
            "name": "25474",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25474"
          },
          {
            "name": "RHSA-2007:1086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
          },
          {
            "name": "27203",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27203"
          },
          {
            "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html"
          },
          {
            "name": "GLSA-200804-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
          },
          {
            "name": "RHSA-2007:0829",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
          },
          {
            "name": "26631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26631"
          },
          {
            "name": "RHSA-2008:0133",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26933",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "sun-java-virtual-machine-dos(34654)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34654"
        },
        {
          "name": "oval:org.mitre.oval:def:10800",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800"
        },
        {
          "name": "26049",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26049"
        },
        {
          "name": "BEA07-177.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/248"
        },
        {
          "name": "26311",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26311"
        },
        {
          "name": "20070703 Sun JDK Confusion",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html"
        },
        {
          "name": "200856",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://scary.beasts.org/security/CESA-2006-004.html"
        },
        {
          "name": "30805",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30805"
        },
        {
          "name": "GLSA-200705-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
        },
        {
          "name": "24004",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24004"
        },
        {
          "name": "20071218 Sun JDK Confusion Revisited",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html"
        },
        {
          "name": "26369",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26369"
        },
        {
          "name": "GLSA-200804-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
        },
        {
          "name": "102934",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1"
        },
        {
          "name": "28056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28056"
        },
        {
          "name": "29858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29858"
        },
        {
          "name": "SUSE-SA:2007:045",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"
        },
        {
          "name": "ADV-2007-1836",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1836"
        },
        {
          "name": "sunjava-bmp-dos(34320)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34320"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "RHSA-2008:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
        },
        {
          "name": "RHSA-2007:0956",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
        },
        {
          "name": "RHSA-2007:0817",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
        },
        {
          "name": "26645",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26645"
        },
        {
          "name": "26119",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26119"
        },
        {
          "name": "25832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25832"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "GLSA-200706-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml"
        },
        {
          "name": "30780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30780"
        },
        {
          "name": "25295",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25295"
        },
        {
          "name": "ADV-2007-3009",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3009"
        },
        {
          "name": "27266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27266"
        },
        {
          "name": "SUSE-SA:2007:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
        },
        {
          "name": "20070711 Sun JDK Confusion",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html"
        },
        {
          "name": "GLSA-200709-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "1018182",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018182"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "name": "29340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29340"
        },
        {
          "name": "25474",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25474"
        },
        {
          "name": "RHSA-2007:1086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
        },
        {
          "name": "27203",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27203"
        },
        {
          "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html"
        },
        {
          "name": "GLSA-200804-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
        },
        {
          "name": "GLSA-200806-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
        },
        {
          "name": "RHSA-2007:0829",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
        },
        {
          "name": "26631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26631"
        },
        {
          "name": "RHSA-2008:0133",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2789",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26933",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26933"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307177",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=307177"
            },
            {
              "name": "sun-java-virtual-machine-dos(34654)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34654"
            },
            {
              "name": "oval:org.mitre.oval:def:10800",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10800"
            },
            {
              "name": "26049",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26049"
            },
            {
              "name": "BEA07-177.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/248"
            },
            {
              "name": "26311",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26311"
            },
            {
              "name": "20070703 Sun JDK Confusion",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-July/001696.html"
            },
            {
              "name": "200856",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200856-1"
            },
            {
              "name": "http://scary.beasts.org/security/CESA-2006-004.html",
              "refsource": "MISC",
              "url": "http://scary.beasts.org/security/CESA-2006-004.html"
            },
            {
              "name": "30805",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30805"
            },
            {
              "name": "GLSA-200705-23",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
            },
            {
              "name": "24004",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24004"
            },
            {
              "name": "20071218 Sun JDK Confusion Revisited",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-December/001862.html"
            },
            {
              "name": "26369",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26369"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "102934",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1"
            },
            {
              "name": "28056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28056"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "SUSE-SA:2007:045",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html"
            },
            {
              "name": "ADV-2007-1836",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1836"
            },
            {
              "name": "sunjava-bmp-dos(34320)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34320"
            },
            {
              "name": "APPLE-SA-2007-12-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
            },
            {
              "name": "RHSA-2008:0100",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
            },
            {
              "name": "RHSA-2007:0956",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0956.html"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html"
            },
            {
              "name": "RHSA-2007:0817",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
            },
            {
              "name": "26645",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26645"
            },
            {
              "name": "26119",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26119"
            },
            {
              "name": "25832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25832"
            },
            {
              "name": "ADV-2007-4224",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4224"
            },
            {
              "name": "GLSA-200706-08",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "25295",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25295"
            },
            {
              "name": "ADV-2007-3009",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3009"
            },
            {
              "name": "27266",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27266"
            },
            {
              "name": "SUSE-SA:2007:056",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"
            },
            {
              "name": "20070711 Sun JDK Confusion",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-July/001708.html"
            },
            {
              "name": "GLSA-200709-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
            },
            {
              "name": "28115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28115"
            },
            {
              "name": "1018182",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018182"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "29340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29340"
            },
            {
              "name": "25474",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25474"
            },
            {
              "name": "RHSA-2007:1086",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1086.html"
            },
            {
              "name": "27203",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27203"
            },
            {
              "name": "20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-July/001697.html"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html"
            },
            {
              "name": "RHSA-2007:0829",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
            },
            {
              "name": "26631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26631"
            },
            {
              "name": "RHSA-2008:0133",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0133.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2789",
    "datePublished": "2007-05-22T00:00:00",
    "dateReserved": "2007-05-21T00:00:00",
    "dateUpdated": "2024-08-07T13:49:57.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5232

Vulnerability from cvelistv5

Published

2007-10-05 23:00

Modified

2024-08-07 15:24

Severity ?

Summary

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2008-0132.html	vendor-advisory, x_refsource_REDHAT
	http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2007-1041.html	vendor-advisory, x_refsource_REDHAT
	http://docs.info.apple.com/article.html?artnum=307177	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/3895	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/30676	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29042	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27693	third-party-advisory, x_refsource_SECUNIA
	http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html	x_refsource_CONFIRM
	http://www.novell.com/linux/security/advisories/2007_55_java.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/29897	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27206	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27804	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200804-28.xml	vendor-advisory, x_refsource_GENTOO
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/29858	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-0963.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/25918	vdb-entry, x_refsource_BID
	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2008-0100.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2008/0609	vdb-entry, x_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/27261	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1018768	vdb-entry, x_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331	vdb-entry, signature, x_refsource_OVAL
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/482926/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilities/36941	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/28777	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0156.html	vendor-advisory, x_refsource_REDHAT
	http://dev2dev.bea.com/pub/advisory/272	vendor-advisory, x_refsource_BEA
	http://www.vupen.com/english/advisories/2007/4224	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/30780	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1	vendor-advisory, x_refsource_SUNALERT
	http://www.kb.cert.org/vuls/id/336105	third-party-advisory, x_refsource_CERT-VN
	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/28880	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27716	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1856/references	vdb-entry, x_refsource_VUPEN
	http://www.vmware.com/security/advisories/VMSA-2008-0010.html	x_refsource_CONFIRM
	http://secunia.com/advisories/29214	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28115	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29340	third-party-advisory, x_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	vendor-advisory, x_refsource_GENTOO
	http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	vendor-advisory, x_refsource_GENTOO
	http://conference.hitb.org/hitbsecconf2007kl/?page_id=148	x_refsource_MISC

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:42.187Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2008:0132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf"
          },
          {
            "name": "RHSA-2007:1041",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "name": "ADV-2007-3895",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3895"
          },
          {
            "name": "30676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30676"
          },
          {
            "name": "29042",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29042"
          },
          {
            "name": "27693",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
          },
          {
            "name": "SUSE-SA:2007:055",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
          },
          {
            "name": "29897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29897"
          },
          {
            "name": "27206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27206"
          },
          {
            "name": "27804",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27804"
          },
          {
            "name": "GLSA-200804-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "HPSBUX02284",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
          },
          {
            "name": "29858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "name": "RHSA-2007:0963",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
          },
          {
            "name": "25918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25918"
          },
          {
            "name": "APPLE-SA-2007-12-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
          },
          {
            "name": "RHSA-2008:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
          },
          {
            "name": "ADV-2008-0609",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0609"
          },
          {
            "name": "SUSE-SA:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
          },
          {
            "name": "27261",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27261"
          },
          {
            "name": "1018768",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018768"
          },
          {
            "name": "oval:org.mitre.oval:def:9331",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331"
          },
          {
            "name": "SSRT071483",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
          },
          {
            "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
          },
          {
            "name": "sun-java-appletcaching-security-bypass(36941)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36941"
          },
          {
            "name": "28777",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28777"
          },
          {
            "name": "RHSA-2008:0156",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
          },
          {
            "name": "BEA08-198.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/272"
          },
          {
            "name": "ADV-2007-4224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4224"
          },
          {
            "name": "30780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "103079",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1"
          },
          {
            "name": "VU#336105",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/336105"
          },
          {
            "name": "201519",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1"
          },
          {
            "name": "28880",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28880"
          },
          {
            "name": "27716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27716"
          },
          {
            "name": "ADV-2008-1856",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1856/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
          },
          {
            "name": "29214",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29214"
          },
          {
            "name": "28115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28115"
          },
          {
            "name": "29340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29340"
          },
          {
            "name": "GLSA-200804-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://conference.hitb.org/hitbsecconf2007kl/?page_id=148"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet\u0027s outbound connections via a DNS rebinding attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2008:0132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf"
        },
        {
          "name": "RHSA-2007:1041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307177"
        },
        {
          "name": "ADV-2007-3895",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3895"
        },
        {
          "name": "30676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30676"
        },
        {
          "name": "29042",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29042"
        },
        {
          "name": "27693",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
        },
        {
          "name": "SUSE-SA:2007:055",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
        },
        {
          "name": "29897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29897"
        },
        {
          "name": "27206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27206"
        },
        {
          "name": "27804",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27804"
        },
        {
          "name": "GLSA-200804-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
        },
        {
          "name": "HPSBUX02284",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
        },
        {
          "name": "29858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29858"
        },
        {
          "name": "RHSA-2007:0963",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
        },
        {
          "name": "25918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25918"
        },
        {
          "name": "APPLE-SA-2007-12-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
        },
        {
          "name": "RHSA-2008:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
        },
        {
          "name": "ADV-2008-0609",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0609"
        },
        {
          "name": "SUSE-SA:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
        },
        {
          "name": "27261",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27261"
        },
        {
          "name": "1018768",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018768"
        },
        {
          "name": "oval:org.mitre.oval:def:9331",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331"
        },
        {
          "name": "SSRT071483",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
        },
        {
          "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
        },
        {
          "name": "sun-java-appletcaching-security-bypass(36941)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36941"
        },
        {
          "name": "28777",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28777"
        },
        {
          "name": "RHSA-2008:0156",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
        },
        {
          "name": "BEA08-198.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/272"
        },
        {
          "name": "ADV-2007-4224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4224"
        },
        {
          "name": "30780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30780"
        },
        {
          "name": "103079",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1"
        },
        {
          "name": "VU#336105",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/336105"
        },
        {
          "name": "201519",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1"
        },
        {
          "name": "28880",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28880"
        },
        {
          "name": "27716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27716"
        },
        {
          "name": "ADV-2008-1856",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1856/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
        },
        {
          "name": "29214",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29214"
        },
        {
          "name": "28115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28115"
        },
        {
          "name": "29340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29340"
        },
        {
          "name": "GLSA-200804-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
        },
        {
          "name": "GLSA-200806-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://conference.hitb.org/hitbsecconf2007kl/?page_id=148"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5232",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet\u0027s outbound connections via a DNS rebinding attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2008:0132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
            },
            {
              "name": "http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf",
              "refsource": "MISC",
              "url": "http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf"
            },
            {
              "name": "RHSA-2007:1041",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307177",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=307177"
            },
            {
              "name": "ADV-2007-3895",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3895"
            },
            {
              "name": "30676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30676"
            },
            {
              "name": "29042",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29042"
            },
            {
              "name": "27693",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27693"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
            },
            {
              "name": "SUSE-SA:2007:055",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
            },
            {
              "name": "29897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29897"
            },
            {
              "name": "27206",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27206"
            },
            {
              "name": "27804",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27804"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "HPSBUX02284",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "RHSA-2007:0963",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
            },
            {
              "name": "25918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25918"
            },
            {
              "name": "APPLE-SA-2007-12-14",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
            },
            {
              "name": "RHSA-2008:0100",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
            },
            {
              "name": "ADV-2008-0609",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0609"
            },
            {
              "name": "SUSE-SA:2008:025",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
            },
            {
              "name": "27261",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27261"
            },
            {
              "name": "1018768",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018768"
            },
            {
              "name": "oval:org.mitre.oval:def:9331",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9331"
            },
            {
              "name": "SSRT071483",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
            },
            {
              "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
            },
            {
              "name": "sun-java-appletcaching-security-bypass(36941)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36941"
            },
            {
              "name": "28777",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28777"
            },
            {
              "name": "RHSA-2008:0156",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
            },
            {
              "name": "BEA08-198.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/272"
            },
            {
              "name": "ADV-2007-4224",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4224"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "103079",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1"
            },
            {
              "name": "VU#336105",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/336105"
            },
            {
              "name": "201519",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201519-1"
            },
            {
              "name": "28880",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28880"
            },
            {
              "name": "27716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27716"
            },
            {
              "name": "ADV-2008-1856",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1856/references"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
            },
            {
              "name": "29214",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29214"
            },
            {
              "name": "28115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28115"
            },
            {
              "name": "29340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29340"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            },
            {
              "name": "http://conference.hitb.org/hitbsecconf2007kl/?page_id=148",
              "refsource": "MISC",
              "url": "http://conference.hitb.org/hitbsecconf2007kl/?page_id=148"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5232",
    "datePublished": "2007-10-05T23:00:00",
    "dateReserved": "2007-10-05T00:00:00",
    "dateUpdated": "2024-08-07T15:24:42.187Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5273

Vulnerability from cvelistv5

Published

2007-10-08 23:00

Modified

2024-08-07 15:24

Severity ?

Summary

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2008-0132.html	vendor-advisory, x_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2007-1041.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2007/3895	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/29042	third-party-advisory, x_refsource_SECUNIA
	http://crypto.stanford.edu/dns/dns-rebinding.pdf	x_refsource_MISC
	http://secunia.com/advisories/27693	third-party-advisory, x_refsource_SECUNIA
	http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html	x_refsource_CONFIRM
	http://securitytracker.com/id?1018771	vdb-entry, x_refsource_SECTRACK
	http://www.novell.com/linux/security/advisories/2007_55_java.html	vendor-advisory, x_refsource_SUSE
	http://seclists.org/fulldisclosure/2007/Jul/0159.html	mailing-list, x_refsource_FULLDISC
	http://secunia.com/advisories/29897	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27206	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27804	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200804-28.xml	vendor-advisory, x_refsource_GENTOO
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/29858	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/45527	vdb-entry, x_refsource_OSVDB
	http://www.redhat.com/support/errata/RHSA-2007-0963.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/25918	vdb-entry, x_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2008-0100.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2008/0609	vdb-entry, x_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1	vendor-advisory, x_refsource_SUNALERT
	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/27261	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1	vendor-advisory, x_refsource_SUNALERT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/482926/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/28777	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-0156.html	vendor-advisory, x_refsource_REDHAT
	http://dev2dev.bea.com/pub/advisory/272	vendor-advisory, x_refsource_BEA
	http://secunia.com/advisories/30780	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28880	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27716	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29214	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29340	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340	vdb-entry, signature, x_refsource_OVAL
	http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml	vendor-advisory, x_refsource_GENTOO
	http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml	vendor-advisory, x_refsource_GENTOO

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:24:42.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2008:0132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
          },
          {
            "name": "RHSA-2007:1041",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
          },
          {
            "name": "ADV-2007-3895",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3895"
          },
          {
            "name": "29042",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29042"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
          },
          {
            "name": "27693",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
          },
          {
            "name": "1018771",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018771"
          },
          {
            "name": "SUSE-SA:2007:055",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
          },
          {
            "name": "20070709 Anti-DNS Pinning and Java Applets",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2007/Jul/0159.html"
          },
          {
            "name": "29897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29897"
          },
          {
            "name": "27206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27206"
          },
          {
            "name": "27804",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27804"
          },
          {
            "name": "GLSA-200804-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "HPSBUX02284",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
          },
          {
            "name": "29858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "name": "45527",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45527"
          },
          {
            "name": "RHSA-2007:0963",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
          },
          {
            "name": "25918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25918"
          },
          {
            "name": "RHSA-2008:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
          },
          {
            "name": "ADV-2008-0609",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0609"
          },
          {
            "name": "200041",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1"
          },
          {
            "name": "SUSE-SA:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
          },
          {
            "name": "27261",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27261"
          },
          {
            "name": "103078",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1"
          },
          {
            "name": "SSRT071483",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
          },
          {
            "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
          },
          {
            "name": "28777",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28777"
          },
          {
            "name": "RHSA-2008:0156",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
          },
          {
            "name": "BEA08-198.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/272"
          },
          {
            "name": "30780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "28880",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28880"
          },
          {
            "name": "27716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27716"
          },
          {
            "name": "29214",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29214"
          },
          {
            "name": "29340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29340"
          },
          {
            "name": "oval:org.mitre.oval:def:10340",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340"
          },
          {
            "name": "GLSA-200804-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet\u0027s outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet\u0027s socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2008:0132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
        },
        {
          "name": "RHSA-2007:1041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
        },
        {
          "name": "ADV-2007-3895",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3895"
        },
        {
          "name": "29042",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29042"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
        },
        {
          "name": "27693",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
        },
        {
          "name": "1018771",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018771"
        },
        {
          "name": "SUSE-SA:2007:055",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
        },
        {
          "name": "20070709 Anti-DNS Pinning and Java Applets",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2007/Jul/0159.html"
        },
        {
          "name": "29897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29897"
        },
        {
          "name": "27206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27206"
        },
        {
          "name": "27804",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27804"
        },
        {
          "name": "GLSA-200804-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
        },
        {
          "name": "HPSBUX02284",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
        },
        {
          "name": "29858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29858"
        },
        {
          "name": "45527",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45527"
        },
        {
          "name": "RHSA-2007:0963",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
        },
        {
          "name": "25918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25918"
        },
        {
          "name": "RHSA-2008:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
        },
        {
          "name": "ADV-2008-0609",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0609"
        },
        {
          "name": "200041",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1"
        },
        {
          "name": "SUSE-SA:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
        },
        {
          "name": "27261",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27261"
        },
        {
          "name": "103078",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1"
        },
        {
          "name": "SSRT071483",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
        },
        {
          "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
        },
        {
          "name": "28777",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28777"
        },
        {
          "name": "RHSA-2008:0156",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
        },
        {
          "name": "BEA08-198.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/272"
        },
        {
          "name": "30780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30780"
        },
        {
          "name": "28880",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28880"
        },
        {
          "name": "27716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27716"
        },
        {
          "name": "29214",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29214"
        },
        {
          "name": "29340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29340"
        },
        {
          "name": "oval:org.mitre.oval:def:10340",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340"
        },
        {
          "name": "GLSA-200804-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
        },
        {
          "name": "GLSA-200806-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet\u0027s outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet\u0027s socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2008:0132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html"
            },
            {
              "name": "RHSA-2007:1041",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html"
            },
            {
              "name": "ADV-2007-3895",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3895"
            },
            {
              "name": "29042",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29042"
            },
            {
              "name": "http://crypto.stanford.edu/dns/dns-rebinding.pdf",
              "refsource": "MISC",
              "url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf"
            },
            {
              "name": "27693",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27693"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html"
            },
            {
              "name": "1018771",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018771"
            },
            {
              "name": "SUSE-SA:2007:055",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"
            },
            {
              "name": "20070709 Anti-DNS Pinning and Java Applets",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2007/Jul/0159.html"
            },
            {
              "name": "29897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29897"
            },
            {
              "name": "27206",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27206"
            },
            {
              "name": "27804",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27804"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "HPSBUX02284",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "45527",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45527"
            },
            {
              "name": "RHSA-2007:0963",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html"
            },
            {
              "name": "25918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25918"
            },
            {
              "name": "RHSA-2008:0100",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html"
            },
            {
              "name": "ADV-2008-0609",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0609"
            },
            {
              "name": "200041",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1"
            },
            {
              "name": "SUSE-SA:2008:025",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
            },
            {
              "name": "27261",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27261"
            },
            {
              "name": "103078",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1"
            },
            {
              "name": "SSRT071483",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"
            },
            {
              "name": "20071029 FLEA-2007-0061-1 sun-jre sun-jdk",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded"
            },
            {
              "name": "28777",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28777"
            },
            {
              "name": "RHSA-2008:0156",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html"
            },
            {
              "name": "BEA08-198.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/272"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "28880",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28880"
            },
            {
              "name": "27716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27716"
            },
            {
              "name": "29214",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29214"
            },
            {
              "name": "29340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29340"
            },
            {
              "name": "oval:org.mitre.oval:def:10340",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5273",
    "datePublished": "2007-10-08T23:00:00",
    "dateReserved": "2007-10-08T00:00:00",
    "dateUpdated": "2024-08-07T15:24:42.390Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_redhat

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature