CVE-2007-5240

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.

References

http://dev2dev.bea.com/pub/advisory/272

http://download.novell.com/Download?buildid=q5exhSqeBjA~

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

http://secunia.com/advisories/27206

http://secunia.com/advisories/27261

http://secunia.com/advisories/27693

http://secunia.com/advisories/27716

http://secunia.com/advisories/27804

http://secunia.com/advisories/28777

http://secunia.com/advisories/28880

http://secunia.com/advisories/29042

http://secunia.com/advisories/29214

http://secunia.com/advisories/29340

http://secunia.com/advisories/29858

http://secunia.com/advisories/29897

http://secunia.com/advisories/30676

http://secunia.com/advisories/30780

http://secunia.com/advisories/31580

http://secunia.com/advisories/31586

http://security.gentoo.org/glsa/glsa-200804-28.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html

http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

http://www.novell.com/linux/security/advisories/2007_55_java.html

http://www.redhat.com/support/errata/RHSA-2007-0963.html

http://www.redhat.com/support/errata/RHSA-2007-1041.html

http://www.redhat.com/support/errata/RHSA-2008-0100.html

http://www.redhat.com/support/errata/RHSA-2008-0132.html

http://www.redhat.com/support/errata/RHSA-2008-0156.html

http://www.securityfocus.com/archive/1/482926/100/0/threaded

http://www.securityfocus.com/bid/25918

http://www.securitytracker.com/id?1018769

http://www.vmware.com/security/advisories/VMSA-2008-0010.html

http://www.vupen.com/english/advisories/2007/3895

http://www.vupen.com/english/advisories/2008/0609

http://www.vupen.com/english/advisories/2008/1856/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/36942

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10783

Details

Source: MITRE

Published: 2007-10-06

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.3.1:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.1:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
64824Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112) (Unix)NessusMisc.
critical
60344Scientific Linux Security Update : jdk (java) on SL3.x, SL4.x i386/x86_64NessusScientific Linux Local Security Checks
high
60316Scientific Linux Security Update : jdk (java) on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
41226SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12210)NessusSuSE Local Security Checks
medium
41210SuSE9 Security Update : IBM Java 2 JRE and SDK (YOU Patch Number 12142)NessusSuSE Local Security Checks
high
40716RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0156)NessusRed Hat Local Security Checks
critical
40714RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2008:0132)NessusRed Hat Local Security Checks
high
40712RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:0100)NessusRed Hat Local Security Checks
high
40710RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:1041)NessusRed Hat Local Security Checks
medium
40709RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)NessusRed Hat Local Security Checks
critical
40379VMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenterNessusVMware ESX Local Security Checks
critical
40371VMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED)NessusVMware ESX Local Security Checks
critical
34024SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 5465)NessusSuSE Local Security Checks
medium
32050SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183)NessusSuSE Local Security Checks
critical
32049SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 5182)NessusSuSE Local Security Checks
high
32013GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
29476SuSE 10 Security Update : java-1_5_0-ibm (ZYPP Patch Number 4687)NessusSuSE Local Security Checks
high
29473SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 4533)NessusSuSE Local Security Checks
high
27513openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-4525)NessusSuSE Local Security Checks
high
27512openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-4527)NessusSuSE Local Security Checks
high
27511openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)NessusSuSE Local Security Checks
high
26923Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112)NessusWindows
high