Vulnerability Name: CVE-2007-5275 (CCN-38334)
Assigned: 2007-07-24
Published: 2007-07-24
Updated: 2017-09-29
Summary: The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-20
Vulnerability Consequences: Bypass Security
References:
Source: CCN Type: Stanford University DNS-Rebinding Whitepaper Protecting Browsers from DNS Rebinding Attacks
Source: MISC Type: UNKNOWN http://crypto.stanford.edu/dns/dns-rebinding.pdf
Source: MITRE Type: CNA CVE-2007-5275
Source: APPLE Type: UNKNOWN APPLE-SA-2008-05-28
Source: SUSE Type: UNKNOWN SUSE-SA:2007:069
Source: SUSE Type: UNKNOWN SUSE-SA:2008:022
Source: CCN Type: RHSA-2007-1126 Critical: flash-plugin security update
Source: CCN Type: RHSA-2008-0221 Critical: flash-plugin security update
Source: CCN Type: SA28083 Adobe Flash Player Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 28157
Source: CCN Type: SA28161 Adobe Flash Player Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 28161
Source: SECUNIA Type: UNKNOWN 28213
Source: SECUNIA Type: UNKNOWN 28570
Source: SECUNIA Type: UNKNOWN 29763
Source: SECUNIA Type: UNKNOWN 29865
Source: CCN Type: SA30430 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 30430
Source: SECUNIA Type: UNKNOWN 30507
Source: CCN Type: SECTRACK ID: 1019116 Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code, Scan Ports, and Conduct HTTP Request Splitting and Cross-Site Scripting Attacks
Source: SECTRACK Type: UNKNOWN 1019116
Source: SUNALERT Type: UNKNOWN 238305
Source: CCN Type: Sun Alert ID: 238305 Multiple Security Vulnerabilities in Flash Player for Solaris
Source: CCN Type: Apple Web site About the security content of Security Update 2008-003 / Mac OS X 10.5.3
Source: CCN Type: ASA-2008-013 flash-plugin security update (RHSA-2007-1126)
Source: CCN Type: ASA-2008-164 flash-plugin security update (RHSA-2008-0221)
Source: CCN Type: ASA-2008-241 Multiple Security Vulnerabilities in Flash Player for Solaris (Sun 238305)
Source: CCN Type: NORTEL BULLETIN ID: 2008008954, Rev 1 Nortel Response to Sun Alert 238305 - Multiple Security Vulnerabilities in Flash Player for Solaris 10
Source: CCN Type: Adobe Product Security Bulletin APSB07-20 Flash Player update available to address security vulnerabilities
Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/security/bulletins/apsb07-20.html
Source: CCN Type: Adobe Product Security Bulletin APSB08-11 Flash Player update available to address security vulnerabilities
Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/security/bulletins/apsb08-11.html
Source: CCN Type: GLSA-200801-07 Adobe Flash Player: Multiple vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200801-07
Source: CCN Type: GLSA-200804-21 Adobe Flash Player: Multiple vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200804-21
Source: CCN Type: Adobe Systems Incorporated Web site Adobe - Flash Player
Source: REDHAT Type: UNKNOWN RHSA-2007:1126
Source: REDHAT Type: UNKNOWN RHSA-2008:0221
Source: BID Type: UNKNOWN 26930
Source: CCN Type: BID-26930 Adobe Flash Player DNS Rebinding Vulnerability
Source: CCN Type: TLSA-2008-1 Multiple vulnerabilities exist in flash-player
Source: CERT Type: US Government Resource TA07-355A
Source: CERT Type: US Government Resource TA08-100A
Source: CERT Type: US Government Resource TA08-150A
Source: VUPEN Type: UNKNOWN ADV-2007-4258
Source: VUPEN Type: UNKNOWN ADV-2008-1697
Source: VUPEN Type: UNKNOWN ADV-2008-1724
Source: XF Type: UNKNOWN flash-swf-dns-security-bypass(38334)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9250
Source: SUSE Type: SUSE-SA:2007:069 flash-player security update
Source: SUSE Type: SUSE-SA:2008:022 Flash Player security problems
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration CCN 1: Denotes that component is vulnerable