Oval Definition:oval:org.mitre.oval:def:22548
Revision Date:2014-05-26Version:36
Title:ELSA-2007:1041: java-1.5.0-ibm security update (Important)
Description:Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2007-5232
CVE-2007-5238
CVE-2007-5239
CVE-2007-5240
CVE-2007-5273
CVE-2007-5274
ELSA-2007:1041-01
Platform(s):Oracle Linux 5
Product(s):java-1.5.0-ibm
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.6-1jpp.1.el5
  • OR java-1.5.0-ibm is earlier than 1:1.5.0.6-1jpp.1.el5
  • OR java-1.5.0-ibm-accessibility is earlier than 1:1.5.0.6-1jpp.1.el5
  • OR java-1.5.0-ibm-src is earlier than 1:1.5.0.6-1jpp.1.el5
  • OR java-1.5.0-ibm-plugin is earlier than 1:1.5.0.6-1jpp.1.el5
  • OR java-1.5.0-ibm-devel is earlier than 1:1.5.0.6-1jpp.1.el5
  • OR java-1.5.0-ibm-demo is earlier than 1:1.5.0.6-1jpp.1.el5
  • OR java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.6-1jpp.1.el5
    • BACK