CVE-2007-5273

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://crypto.stanford.edu/dns/dns-rebinding.pdf
http://dev2dev.bea.com/pub/advisory/272
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
http://osvdb.org/45527
http://seclists.org/fulldisclosure/2007/Jul/0159.html
http://secunia.com/advisories/27206	Vendor Advisory
http://secunia.com/advisories/27261	Vendor Advisory
http://secunia.com/advisories/27693	Vendor Advisory
http://secunia.com/advisories/27716	Vendor Advisory
http://secunia.com/advisories/27804	Vendor Advisory
http://secunia.com/advisories/28777	Vendor Advisory
http://secunia.com/advisories/28880	Vendor Advisory
http://secunia.com/advisories/29042	Vendor Advisory
http://secunia.com/advisories/29214	Vendor Advisory
http://secunia.com/advisories/29340	Vendor Advisory
http://secunia.com/advisories/29858	Vendor Advisory
http://secunia.com/advisories/29897	Vendor Advisory
http://secunia.com/advisories/30780	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://securitytracker.com/id?1018771	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1	Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1	Vendor Advisory
http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://www.novell.com/linux/security/advisories/2007_55_java.html
http://www.redhat.com/support/errata/RHSA-2007-0963.html
http://www.redhat.com/support/errata/RHSA-2007-1041.html
http://www.redhat.com/support/errata/RHSA-2008-0100.html
http://www.redhat.com/support/errata/RHSA-2008-0132.html
http://www.redhat.com/support/errata/RHSA-2008-0156.html
http://www.securityfocus.com/archive/1/482926/100/0/threaded
http://www.securityfocus.com/bid/25918
http://www.vupen.com/english/advisories/2007/3895	Vendor Advisory
http://www.vupen.com/english/advisories/2008/0609	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340
http://crypto.stanford.edu/dns/dns-rebinding.pdf
http://dev2dev.bea.com/pub/advisory/272
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
http://osvdb.org/45527
http://seclists.org/fulldisclosure/2007/Jul/0159.html
http://secunia.com/advisories/27206	Vendor Advisory
http://secunia.com/advisories/27261	Vendor Advisory
http://secunia.com/advisories/27693	Vendor Advisory
http://secunia.com/advisories/27716	Vendor Advisory
http://secunia.com/advisories/27804	Vendor Advisory
http://secunia.com/advisories/28777	Vendor Advisory
http://secunia.com/advisories/28880	Vendor Advisory
http://secunia.com/advisories/29042	Vendor Advisory
http://secunia.com/advisories/29214	Vendor Advisory
http://secunia.com/advisories/29340	Vendor Advisory
http://secunia.com/advisories/29858	Vendor Advisory
http://secunia.com/advisories/29897	Vendor Advisory
http://secunia.com/advisories/30780	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://securitytracker.com/id?1018771	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1	Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1	Vendor Advisory
http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://www.novell.com/linux/security/advisories/2007_55_java.html
http://www.redhat.com/support/errata/RHSA-2007-0963.html
http://www.redhat.com/support/errata/RHSA-2007-1041.html
http://www.redhat.com/support/errata/RHSA-2008-0100.html
http://www.redhat.com/support/errata/RHSA-2008-0132.html
http://www.redhat.com/support/errata/RHSA-2008-0156.html
http://www.securityfocus.com/archive/1/482926/100/0/threaded
http://www.securityfocus.com/bid/25918
http://www.vupen.com/english/advisories/2007/3895	Vendor Advisory
http://www.vupen.com/english/advisories/2008/0609	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:jdk:1.5.0:update1::::::
	cpe:2.3:a:sun:jdk:1.5.0:update10::::::
	cpe:2.3:a:sun:jdk:1.5.0:update11::::::
	cpe:2.3:a:sun:jdk:1.5.0:update12::::::
	cpe:2.3:a:sun:jdk:1.5.0:update2::::::
	cpe:2.3:a:sun:jdk:1.5.0:update3::::::
	cpe:2.3:a:sun:jdk:1.5.0:update4::::::
	cpe:2.3:a:sun:jdk:1.5.0:update5::::::
	cpe:2.3:a:sun:jdk:1.5.0:update7::::::
	cpe:2.3:a:sun:jdk:1.5.0:update8::::::
	cpe:2.3:a:sun:jdk:1.5.0:update9::::::
	cpe:2.3:a:sun:jdk:1.6.0:update1::::::
	cpe:2.3:a:sun:jdk:1.6.0:update2::::::
	cpe:2.3:a:sun:jre:1.3.0:::::::*
	cpe:2.3:a:sun:jre:1.3.0:update5::::::
	cpe:2.3:a:sun:jre:1.3.1:update1::::::
	cpe:2.3:a:sun:jre:1.3.1:update16::::::
	cpe:2.3:a:sun:jre:1.3.1:update18::::::
	cpe:2.3:a:sun:jre:1.3.1:update19::::::
	cpe:2.3:a:sun:jre:1.3.1:update1a::::::
	cpe:2.3:a:sun:jre:1.3.1:update20::::::
	cpe:2.3:a:sun:jre:1.4:::::::*
	cpe:2.3:a:sun:jre:1.4.1:update3::::::
	cpe:2.3:a:sun:jre:1.4.2:::::::*
	cpe:2.3:a:sun:jre:1.4.2_1:::::::*
	cpe:2.3:a:sun:jre:1.4.2_3:::::::*
	cpe:2.3:a:sun:jre:1.4.2_8:::::::*
	cpe:2.3:a:sun:jre:1.4.2_9:::::::*
	cpe:2.3:a:sun:jre:1.4.2_10:::::::*
	cpe:2.3:a:sun:jre:1.4.2_11:::::::*
	cpe:2.3:a:sun:jre:1.4.2_12:::::::*
	cpe:2.3:a:sun:jre:1.4.2_13:::::::*
	cpe:2.3:a:sun:jre:1.4.2_14:::::::*
	cpe:2.3:a:sun:jre:1.4.2_15:::::::*
	cpe:2.3:a:sun:jre:1.5.0:update1::::::
	cpe:2.3:a:sun:jre:1.5.0:update10::::::
	cpe:2.3:a:sun:jre:1.5.0:update11::::::
	cpe:2.3:a:sun:jre:1.5.0:update12::::::
	cpe:2.3:a:sun:jre:1.5.0:update2::::::
	cpe:2.3:a:sun:jre:1.5.0:update3::::::
	cpe:2.3:a:sun:jre:1.5.0:update4::::::
	cpe:2.3:a:sun:jre:1.5.0:update5::::::
	cpe:2.3:a:sun:jre:1.5.0:update6::::::
	cpe:2.3:a:sun:jre:1.5.0:update7::::::
	cpe:2.3:a:sun:jre:1.5.0:update8::::::
	cpe:2.3:a:sun:jre:1.5.0:update9::::::
	cpe:2.3:a:sun:jre:1.6.0:update_1::::::
	cpe:2.3:a:sun:jre:1.6.0:update_2::::::
	cpe:2.3:a:sun:sdk:1.3.1_01:::::::*
	cpe:2.3:a:sun:sdk:1.3.1_01a:::::::*
	cpe:2.3:a:sun:sdk:1.3.1_16:::::::*
	cpe:2.3:a:sun:sdk:1.3.1_18:::::::*
	cpe:2.3:a:sun:sdk:1.3.1_19:::::::*
	cpe:2.3:a:sun:sdk:1.3.1_20:::::::*
	cpe:2.3:a:sun:sdk:1.4.2:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_03:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_08:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_09:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_10:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_11:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_12:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_13:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_14:::::::*
	cpe:2.3:a:sun:sdk:1.4.2_15:::::::*

History

21 Nov 2024, 00:37

Information

Published : 2007-10-08 23:17

Updated : 2025-04-09 00:30

NVD link : CVE-2007-5273

Mitre link : CVE-2007-5273

CVE.ORG link : CVE-2007-5273

JSON object : View

Products Affected

sun

CWE

NVD-CWE-Other

{"id": "CVE-2007-5273", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-10-08T23:17:00.000", "references": [{"url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf", "source": "cve@mitre.org"}, {"url": "http://dev2dev.bea.com/pub/advisory/272", "source": "cve@mitre.org"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "source": "cve@mitre.org"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/45527", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2007/Jul/0159.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27206", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27261", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27693", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27716", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27804", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28777", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28880", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29042", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29214", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29340", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29858", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29897", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30780", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1018771", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2007_55_java.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25918", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3895", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0609", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340", "source": "cve@mitre.org"}, {"url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://dev2dev.bea.com/pub/advisory/272", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/45527", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2007/Jul/0159.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27206", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27261", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27693", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27716", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27804", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/28777", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/28880", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29042", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29214", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29340", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29858", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29897", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30780", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1018771", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200041-1", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.novell.com/linux/security/advisories/2007_55_java.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0963.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-1041.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0100.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0132.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/482926/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25918", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/3895", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/0609", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10340", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232."}, {"lang": "es", "value": "En Sun Java Runtime Environment (JRE) en JDK y JRE versi\u00f3n 6 Update 2 y anteriores, JDK y JRE versi\u00f3n 5.0 Update 12 y anteriores, SDK y JRE versi\u00f3n 1.4.2_15 y anteriores, y SDK y JRE versi\u00f3n 1.3.1_20 y anteriores, cuando un servidor proxy HTTP se utiliza, permite a los atacantes remotos violar el modelo de seguridad para las conexiones salientes de un applets por medio de un ataque de reajuste de m\u00falti-pin DNS en el que la descarga del applet depende de la resoluci\u00f3n DNS en el servidor proxy, pero las operaciones de socket del applet dependen de la resoluci\u00f3n DNS en m\u00e1quina local, un problema diferente de CVE-2007-5274. NOTA: esto es similar a CVE-2007-5232."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE8E883F-E13D-4FB0-8C6F-B7628600E8D4"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AADA633-EB11-49A0-8E40-66589034F03E"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19DC29C5-1B9F-46DF-ACF6-3FF93E45777D"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B120F7D9-7C1E-4716-B2FA-2990D449F754"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28BE548B-DD0C-4C58-98CA-5B803F04F9EE"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F8E9AA0-8907-4B1A-86A1-08568195217D"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A337AD31-4566-4A4E-AFF3-7EAECD5C90F9"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0754AFDC-2F1C-4C06-AB46-457B5E610029"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC0ABF7A-107B-4B97-9BD7-7B0CEDAAF359"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5DA4242-30D9-44C8-9D0D-877348FFA22B"}, {"criteria": "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C61C6043-99D0-4F36-AF84-1A5F90B895EE"}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD30DAEB-4893-41CF-A455-B69C463B9337"}, {"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98"}, {"criteria": "cpe:2.3:a:sun:jre:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAB87D43-2860-43DD-94EE-886D7D75A351"}, {"criteria": "cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06743B3-2637-47C2-BD1A-28D9F584ED75"}, {"criteria": "cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7F1CF2B-F0B6-45DD-88E1-C0BDF2B973BB"}, {"criteria": "cpe:2.3:a:sun:jre:1.3.1:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD3AC618-7B66-4167-ABE5-87BE6907FB5A"}, {"criteria": "cpe:2.3:a:sun:jre:1.3.1:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B0EAF17-18D3-45F2-9B6F-66BEC0F49FB6"}, {"criteria": "cpe:2.3:a:sun:jre:1.3.1:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F861B32-B878-4DFC-A9D1-350B1013AA1F"}, {"criteria": "cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04FB9247-7DB5-46A1-9E99-C25A729FB5D7"}, {"criteria": "cpe:2.3:a:sun:jre:1.3.1:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A469586-4106-48BB-BF92-8FFDC8AA4C44"}, {"criteria": "cpe:2.3:a:sun:jre:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D73559DD-54B4-4DF2-81BC-9109DB29DCCB"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.1:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58FC43CA-1F08-4A4B-838B-840838BC67FE"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63978872-E797-4F13-B0F9-98CB67D0962A"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EEAB662-644A-4D7B-8237-64142CF48724"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BED1009E-AE60-43A0-A0F5-38526EFCF423"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D102063B-2434-4141-98E7-2DE501AE1728"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03B8CD03-CD31-4F4D-BA90-59435578A4F9"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41A994BF-1F64-480A-8AA5-748DDD0AB68C"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88519F2D-AD06-4F05-BEDA-A09216F1B481"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC728978-368D-4B36-B149-70473E92BD1B"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD5187B1-CB86-48E8-A595-9FCFD9822C0C"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C660DE4-543A-4E9B-825D-CD099D08CBD8"}, {"criteria": "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98C1942E-16C0-4EB2-AB57-43EC6EC9C3A2"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7FC09E8-7F30-4FE4-912E-588AA250E2A3"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9919D091-73D7-465A-80FF-F37D6CAF9F46"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02565D6F-4CB2-4671-A4EF-3169BCFA6154"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EA5B9E9-654D-44F7-AE98-3D8B382804AC"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44051CFE-D15D-4416-A123-F3E49C67A9E7"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F296ACF3-1373-429D-B991-8B5BA704A7EF"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B863420B-DE16-416A-9640-1A1340A9B855"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "724C972F-74FE-4044-BBC4-7E0E61FC9002"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBE909DE-E55A-4BD3-A5BF-ADE407432193"}, {"criteria": "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DAC04D2-68FD-4793-A8E7-4690A543D7D4"}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43"}, {"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997"}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34710306-D6CF-4D07-84BF-71A8839BE416"}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44B93DC8-6375-4B41-B9BC-F22F592C56B9"}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A053DEF6-1317-4DA8-91D7-E1970DA62351"}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB0605FF-3DDC-4F3A-8171-F3A447E9C292"}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "801FF3B4-0729-4710-BFC2-4B078029944F"}, {"criteria": "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EB8591E-3D6E-489B-B0D6-CEBB9D09EA68"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "002CA86D-3090-4C7A-947A-21CB5D1ADD98"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37A3D49A-BE20-47BF-A85F-122357BAB098"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD02EBDF-6E51-4538-9EDD-B1DE914D09C9"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53C3C0E3-5F40-412B-A4AD-A7A291DE2A08"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36888382-79C8-4C97-A654-C668CD68556F"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F34C99E6-F9F0-4EF3-8601-B47EAE3D7273"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A74DD08D-CEDB-460E-BED5-78F6CAF18BF5"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E60560EC-6DBD-4A17-BFFA-FAD9193A0BC7"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4F64FBC-DC97-4FE3-A235-18B87945AF7A"}, {"criteria": "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85048406-9051-4E69-94A8-5C449F3B89E7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

2.6 /10