249533 – (CVE-2007-3922) CVE-2007-3922 Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions

Bug 249533 (CVE-2007-3922) - CVE-2007-3922 Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions

Summary: CVE-2007-3922 Vulnerability in the Java Runtime Environment May Allow an Untr...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-3922
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://sunsolve.sun.com/search/docume...
Whiteboard:
Depends On:	250784 250974 250975 251133 337941 337951
Blocks:
TreeView+	depends on / blocked

Reported:	2007-07-25 13:39 UTC by Marc Schoenefeld
Modified:	2019-09-29 12:20 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-04-12 03:30:00 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0818	normal	SHIPPED_LIVE	Critical: java-1.5.0-sun security update	2007-08-06 15:55:10 UTC
Red Hat Product Errata	RHSA-2007:0829	normal	SHIPPED_LIVE	Critical: java-1.5.0-ibm security update	2007-08-07 19:36:59 UTC
Red Hat Product Errata	RHSA-2008:0133	normal	SHIPPED_LIVE	Moderate: IBMJava2 security update	2008-06-24 09:07:10 UTC

Description Marc Schoenefeld 2007-07-25 13:39:29 UTC

Description of problem:

A security vulnerability in the Java Runtime Environment Applet Class Loader may
allow an untrusted applet that is loaded from a remote system to circumvent
network access restrictions and establish socket connections to certain services
running on the local host, as if it were loaded from the system that the applet
is running on. This may allow the untrusted remote applet the ability to exploit
any security vulnerabilities existing in the services it has connected to.


Version-Release number of selected component (if applicable):

   Affects: RHEL4-EXTRAS-U5

Additional info:

IBM Java may also be affected (due to shared codebase).

Comment 6 Jan Lieskovsky 2010-08-31 13:36:24 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux version 4 Extras

Via RHSA-2007:0818 https://rhn.redhat.com/errata/RHSA-2007-0818.html

Comment 7 Jan Lieskovsky 2010-08-31 13:37:39 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux version 4 Extras
  RHEL Supplementary version 5

Via RHSA-2007:0829 https://rhn.redhat.com/errata/RHSA-2007-0829.html

Comment 8 Jan Lieskovsky 2010-08-31 13:39:04 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux version 2.1

Via RHSA-2008:0133 https://rhn.redhat.com/errata/RHSA-2008-0133.html

Note You need to log in before you can comment on or make changes to this bug.