Bug 449742 (CVE-2007-5375)
Summary: | CVE-2007-5375 Java Multi-pin DNS rebinding allows arbitrary Javascript Execution | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marc Schoenefeld <mschoene> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://crypto.stanford.edu/dns/dns-rebinding.pdf | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-23 15:34:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marc Schoenefeld
2008-06-03 10:11:25 UTC
This is from http://crypto.stanford.edu/dns/dns-rebinding.pdf, the two other bugs from this paper that were also identified alongside this bug were CVE-2007-5273 and CVE-2007-5274. We queried Sun in June 2008 whether this is a duplicate of CVE-2007-5273 or CVE-2007-5274 . But we never received an answer, and Sun never acknowledged this to be an genuine Java bug. Given the age, the low impact, and the fact that the bug doesn't affect our shipped java versions (java-1.5.0-sun deprecated), I would opt to close this. |