{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46501?format=json","vulnerability_id":"VCID-ea5j-wj8f-tkfj","summary":"Multiple vulnerabilities have been identified in Sun Java Development Kit\n    (JDK) and Java Runtime Environment (JRE).","aliases":[{"alias":"CVE-2007-3655"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76787?format=json","purl":"pkg:ebuild/app-emulation/emul-linux-x86-java@1.6.0.05","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/emul-linux-x86-java@1.6.0.05"},{"url":"http://public2.vulnerablecode.io/api/packages/76786?format=json","purl":"pkg:ebuild/dev-java/sun-jdk@1.6.0.05","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-java/sun-jdk@1.6.0.05"},{"url":"http://public2.vulnerablecode.io/api/packages/76785?format=json","purl":"pkg:ebuild/dev-java/sun-jre-bin@1.6.0.05","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-java/sun-jre-bin@1.6.0.05"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129685?format=json","purl":"pkg:rpm/redhat/java-1.5.0-ibm@1:1.5.0.5-1jpp.0.1?arch=el5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3fbs-tg62-affp"},{"vulnerability":"VCID-d5e5-vaa8-wbdr"},{"vulnerability":"VCID-ea5j-wj8f-tkfj"},{"vulnerability":"VCID-qhun-34fa-xygm"},{"vulnerability":"VCID-s828-4jhd-3be6"},{"vulnerability":"VCID-sxc2-qmst-kub2"},{"vulnerability":"VCID-ybjz-2xqf-2ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.5.0-ibm@1:1.5.0.5-1jpp.0.1%3Farch=el5"},{"url":"http://public2.vulnerablecode.io/api/packages/129682?format=json","purl":"pkg:rpm/redhat/java-1.5.0-ibm@1:1.5.0.5-1jpp.2?arch=el4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3fbs-tg62-affp"},{"vulnerability":"VCID-d5e5-vaa8-wbdr"},{"vulnerability":"VCID-ea5j-wj8f-tkfj"},{"vulnerability":"VCID-qhun-34fa-xygm"},{"vulnerability":"VCID-s828-4jhd-3be6"},{"vulnerability":"VCID-sxc2-qmst-kub2"},{"vulnerability":"VCID-ybjz-2xqf-2ub1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.5.0-ibm@1:1.5.0.5-1jpp.2%3Farch=el4"},{"url":"http://public2.vulnerablecode.io/api/packages/129744?format=json","purl":"pkg:rpm/redhat/java-1.5.0-sun@1.5.0.12-1jpp.2?arch=el4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ea5j-wj8f-tkfj"},{"vulnerability":"VCID-sxc2-qmst-kub2"},{"vulnerability":"VCID-ybjz-2xqf-2ub1"},{"vulnerability":"VCID-yugs-rwuf-q7gh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.5.0-sun@1.5.0.12-1jpp.2%3Farch=el4"}],"references":[{"reference_url":"http://docs.info.apple.com/article.html?artnum=307177","reference_id":"","reference_type":"","scores":[],"url":"http://docs.info.apple.com/article.html?artnum=307177"},{"reference_url":"http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"},{"reference_url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html"},{"reference_url":"http://osvdb.org/37756","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/37756"},{"reference_url":"http://research.eeye.com/html/advisories/published/AD20070705.html","reference_id":"","reference_type":"","scores":[],"url":"http://research.eeye.com/html/advisories/published/AD20070705.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3655.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3655.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3655","reference_id":"","reference_type":"","scores":[{"value":"0.62246","scoring_system":"epss","scoring_elements":"0.98377","published_at":"2026-05-14T12:55:00Z"},{"value":"0.62246","scoring_system":"epss","scoring_elements":"0.98362","published_at":"2026-04-21T12:55:00Z"},{"value":"0.62246","scoring_system":"epss","scoring_elements":"0.98367","published_at":"2026-04-29T12:55:00Z"},{"value":"0.62246","scoring_system":"epss","scoring_elements":"0.98368","published_at":"2026-04-26T12:55:00Z"},{"value":"0.62246","scoring_system":"epss","scoring_elements":"0.98371","published_at":"2026-05-05T12:55:00Z"},{"value":"0.62246","scoring_system":"epss","scoring_elements":"0.9837","published_at":"2026-05-07T12:55:00Z"},{"value":"0.62246","scoring_system":"epss","scoring_elements":"0.98373","published_at":"2026-05-11T12:55:00Z"},{"value":"0.62246","scoring_system":"epss","scoring_elements":"0.98376","published_at":"2026-05-12T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98479","published_at":"2026-04-01T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98499","published_at":"2026-04-18T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98498","published_at":"2026-04-16T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98481","published_at":"2026-04-02T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98483","published_at":"2026-04-04T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98484","published_at":"2026-04-07T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98488","published_at":"2026-04-08T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98489","published_at":"2026-04-09T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98492","published_at":"2026-04-13T12:55:00Z"},{"value":"0.65469","scoring_system":"epss","scoring_elements":"0.98491","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3655"},{"reference_url":"http://secunia.com/advisories/25981","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/25981"},{"reference_url":"http://secunia.com/advisories/26314","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/26314"},{"reference_url":"http://secunia.com/advisories/26369","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/26369"},{"reference_url":"http://secunia.com/advisories/27266","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/27266"},{"reference_url":"http://secunia.com/advisories/28115","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/28115"},{"reference_url":"http://secunia.com/advisories/29858","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/29858"},{"reference_url":"http://secunia.com/advisories/30780","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/30780"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200804-28.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200804-28.xml"},{"reference_url":"http://securityreason.com/securityalert/2874","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/2874"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35320","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35320"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1","reference_id":"","reference_type":"","scores":[],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1"},{"reference_url":"http://www.exploit-db.com/exploits/30284","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/30284"},{"reference_url":"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml","reference_id":"","reference_type":"","scores":[],"url":"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"},{"reference_url":"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml","reference_id":"","reference_type":"","scores":[],"url":"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"},{"reference_url":"http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0818.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2007-0818.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2007-0829.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2007-0829.html"},{"reference_url":"http://www.securityfocus.com/archive/1/473224/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/473224/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/473356/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/473356/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/24832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/24832"},{"reference_url":"http://www.securitytracker.com/id?1018346","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1018346"},{"reference_url":"http://www.vupen.com/english/advisories/2007/2477","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2007/2477"},{"reference_url":"http://www.vupen.com/english/advisories/2007/4224","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2007/4224"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=248864","reference_id":"248864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=248864"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/4168.vbs","reference_id":"CVE-2007-3655","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/4168.vbs"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3655","reference_id":"CVE-2007-3655","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3655"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30284.vbs","reference_id":"CVE-2007-3655;OSVDB-37756","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30284.vbs"},{"reference_url":"https://www.securityfocus.com/bid/24832/info","reference_id":"CVE-2007-3655;OSVDB-37756","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/24832/info"},{"reference_url":"https://security.gentoo.org/glsa/200804-20","reference_id":"GLSA-200804-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0818","reference_id":"RHSA-2007:0818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0829","reference_id":"RHSA-2007:0829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0829"}],"weaknesses":[{"cwe_id":119,"name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","description":"The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer."}],"exploits":[{"date_added":"2007-07-09","description":"Sun Java WebStart - JNLP Stack Buffer Overflow (PoC)","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2007-07-10","exploit_type":"dos","platform":"windows","source_date_updated":"2016-10-05","data_source":"Exploit-DB","source_url":""}],"severity_range_score":"6.8 - 6.8","exploitability":"2.0","weighted_severity":"6.1","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ea5j-wj8f-tkfj"}