Unrated severityNVD Advisory· Published Oct 11, 2007· Updated Apr 23, 2026

CVE-2007-5375

Description

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.

Affected products

Sun Corporation/Java Virtual Machine
cpe:2.3:a:sun:java_virtual_machine:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

crypto.stanford.edu/dns/dns-rebinding.pdfnvd
osvdb.org/40930nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000