CVE-2007-3922

MEDIUM

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

References

http://dev2dev.bea.com/pub/advisory/248

http://docs.info.apple.com/article.html?artnum=307177

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450

http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

http://secunia.com/advisories/26314

http://secunia.com/advisories/26369

http://secunia.com/advisories/26631

http://secunia.com/advisories/26645

http://secunia.com/advisories/26933

http://secunia.com/advisories/27266

http://secunia.com/advisories/27635

http://secunia.com/advisories/28115

http://secunia.com/advisories/30805

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1

http://support.avaya.com/elmodocs2/security/ASA-2007-322.htm

http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml

http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html

http://www.redhat.com/support/errata/RHSA-2007-0818.html

http://www.redhat.com/support/errata/RHSA-2007-0829.html

http://www.redhat.com/support/errata/RHSA-2008-0133.html

http://www.securityfocus.com/bid/25054

http://www.securitytracker.com/id?1018428

http://www.vupen.com/english/advisories/2007/2573

http://www.vupen.com/english/advisories/2007/3009

http://www.vupen.com/english/advisories/2007/3861

http://www.vupen.com/english/advisories/2007/4224

https://exchange.xforce.ibmcloud.com/vulnerabilities/35491

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10387

Details

Source: MITRE

Published: 2007-07-21

Updated: 2017-09-29

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM