CVE-2007-3922

MEDIUM

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

References

http://dev2dev.bea.com/pub/advisory/248

http://docs.info.apple.com/article.html?artnum=307177

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450

http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

http://secunia.com/advisories/26314

http://secunia.com/advisories/26369

http://secunia.com/advisories/26631

http://secunia.com/advisories/26645

http://secunia.com/advisories/26933

http://secunia.com/advisories/27266

http://secunia.com/advisories/27635

http://secunia.com/advisories/28115

http://secunia.com/advisories/30805

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1

http://support.avaya.com/elmodocs2/security/ASA-2007-322.htm

http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml

http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html

http://www.redhat.com/support/errata/RHSA-2007-0818.html

http://www.redhat.com/support/errata/RHSA-2007-0829.html

http://www.redhat.com/support/errata/RHSA-2008-0133.html

http://www.securityfocus.com/bid/25054

http://www.securitytracker.com/id?1018428

http://www.vupen.com/english/advisories/2007/2573

http://www.vupen.com/english/advisories/2007/3009

http://www.vupen.com/english/advisories/2007/3861

http://www.vupen.com/english/advisories/2007/4224

https://exchange.xforce.ibmcloud.com/vulnerabilities/35491

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387

Details

Source: MITRE

Published: 2007-07-21

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jdk:*:update9:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jdk:*:update1:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jre:*:update11:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jre:*:update1:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:* versions up to 1.4.2_14 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 63843 | RHEL 4 : java-1.5.0-sun (RHSA-2007:0818) | Nessus | Red Hat Local Security Checks | high |
| 60344 | Scientific Linux Security Update : jdk (java) on SL3.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60316 | Scientific Linux Security Update : jdk (java) on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 40706 | RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:0829) | Nessus | Red Hat Local Security Checks | critical |
| 39378 | HP-UX PHSS_38148 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 19 | Nessus | HP-UX Local Security Checks | high |
| 39377 | HP-UX PHSS_38147 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 19 | Nessus | HP-UX Local Security Checks | high |
| 34952 | HP-UX PHSS_38761 : s700_800 11.X OV NNM7.01 Intermediate Patch 12 | Nessus | HP-UX Local Security Checks | critical |
| 33247 | RHEL 2.1 : IBMJava2 (RHSA-2008:0133) | Nessus | Red Hat Local Security Checks | medium |
| 29702 | Mac OS X : Java for Mac OS X 10.4 Release 6 | Nessus | MacOS X Local Security Checks | critical |
| 29475 | SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 4544) | Nessus | SuSE Local Security Checks | medium |
| 29470 | SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 4542) | Nessus | SuSE Local Security Checks | medium |
| 28272 | HP-UX PHSS_37197 : HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) (HPSBMA02288 SSRT071465 rev.1) | Nessus | HP-UX Local Security Checks | high |
| 28271 | HP-UX PHSS_37183 : HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) (HPSBMA02288 SSRT071465 rev.1) | Nessus | HP-UX Local Security Checks | high |
| 28270 | HP-UX PHSS_37182 : HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) (HPSBMA02288 SSRT071465 rev.1) | Nessus | HP-UX Local Security Checks | high |
| 26117 | GLSA-200709-15 : BEA JRockit: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 25957 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : java (jre, jdk) (SSA:2007-243-01) | Nessus | Slackware Local Security Checks | medium |