### [CVE-2007-5274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5274)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.  NOTE: this is similar to CVE-2007-5232.

### POC

#### Reference
- http://crypto.stanford.edu/dns/dns-rebinding.pdf
- http://www.redhat.com/support/errata/RHSA-2007-0963.html

#### Github
No PoCs found on GitHub currently.