ID CVE-2012-0499
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
References
Vulnerable Configurations
  • Sun JRE 1.4.2
    cpe:2.3:a:sun:jre:1.4.2
  • Sun JRE 1.4.2_1
    cpe:2.3:a:sun:jre:1.4.2_1
  • Sun JRE 1.4.2_2
    cpe:2.3:a:sun:jre:1.4.2_2
  • Sun JRE 1.4.2_3
    cpe:2.3:a:sun:jre:1.4.2_3
  • Sun JRE 1.4.2_4
    cpe:2.3:a:sun:jre:1.4.2_4
  • Sun JRE 1.4.2_5
    cpe:2.3:a:sun:jre:1.4.2_5
  • Sun JRE 1.4.2_6
    cpe:2.3:a:sun:jre:1.4.2_6
  • Sun JRE 1.4.2_7
    cpe:2.3:a:sun:jre:1.4.2_7
  • Sun JRE 1.4.2_8
    cpe:2.3:a:sun:jre:1.4.2_8
  • Sun JRE 1.4.2_9
    cpe:2.3:a:sun:jre:1.4.2_9
  • Sun JRE 1.4.2_10
    cpe:2.3:a:sun:jre:1.4.2_10
  • Sun JRE 1.4.2_11
    cpe:2.3:a:sun:jre:1.4.2_11
  • Sun JRE 1.4.2_12
    cpe:2.3:a:sun:jre:1.4.2_12
  • Sun JRE 1.4.2_13
    cpe:2.3:a:sun:jre:1.4.2_13
  • Sun JRE 1.4.2_14
    cpe:2.3:a:sun:jre:1.4.2_14
  • Sun JRE 1.4.2_15
    cpe:2.3:a:sun:jre:1.4.2_15
  • Sun JRE 1.4.2_16
    cpe:2.3:a:sun:jre:1.4.2_16
  • Sun JRE 1.4.2_17
    cpe:2.3:a:sun:jre:1.4.2_17
  • Sun JRE 1.4.2_18
    cpe:2.3:a:sun:jre:1.4.2_18
  • Sun JRE 1.4.2_19
    cpe:2.3:a:sun:jre:1.4.2_19
  • Sun JRE 1.4.2_20
    cpe:2.3:a:sun:jre:1.4.2_20
  • Sun JRE 1.4.2_21
    cpe:2.3:a:sun:jre:1.4.2_21
  • Sun JRE 1.4.2_22
    cpe:2.3:a:sun:jre:1.4.2_22
  • Sun JRE 1.4.2_23
    cpe:2.3:a:sun:jre:1.4.2_23
  • Sun JRE 1.4.2_24
    cpe:2.3:a:sun:jre:1.4.2_24
  • Sun JRE 1.4.2_25
    cpe:2.3:a:sun:jre:1.4.2_25
  • Sun JRE 1.4.2_26
    cpe:2.3:a:sun:jre:1.4.2_26
  • Sun JRE 1.4.2_27
    cpe:2.3:a:sun:jre:1.4.2_27
  • Sun JRE 1.4.2_28
    cpe:2.3:a:sun:jre:1.4.2_28
  • Sun JRE 1.4.2_29
    cpe:2.3:a:sun:jre:1.4.2_29
  • Sun JRE 1.4.2_30
    cpe:2.3:a:sun:jre:1.4.2_30
  • Sun JRE 1.4.2_31
    cpe:2.3:a:sun:jre:1.4.2_31
  • Sun JRE 1.4.2_32
    cpe:2.3:a:sun:jre:1.4.2_32
  • Sun JRE 1.4.2_33
    cpe:2.3:a:sun:jre:1.4.2_33
  • Sun JRE 1.4.2_34
    cpe:2.3:a:sun:jre:1.4.2_34
  • Sun JRE 1.4.2_35
    cpe:2.3:a:sun:jre:1.4.2_35
  • Sun JRE 1.5.0
    cpe:2.3:a:sun:jre:1.5.0
  • Sun JRE 1.5.0_1 (JRE 5.0 Update 1)
    cpe:2.3:a:sun:jre:1.5.0:update1
  • Sun JRE 1.5.0_10 (JRE 5.0 Update 10)
    cpe:2.3:a:sun:jre:1.5.0:update10
  • Sun JRE 1.5.0_11 (JRE 5.0 Update 11)
    cpe:2.3:a:sun:jre:1.5.0:update11
  • Sun JRE 1.5.0_12 (JRE 5.0 Update 12)
    cpe:2.3:a:sun:jre:1.5.0:update12
  • Sun JRE 1.5.0_13 (JRE 5.0 Update 13)
    cpe:2.3:a:sun:jre:1.5.0:update13
  • Sun JRE 1.5.0_14 (JRE 5.0 Update 14)
    cpe:2.3:a:sun:jre:1.5.0:update14
  • Sun JRE 1.5.0_15 (JRE 5.0 Update 15)
    cpe:2.3:a:sun:jre:1.5.0:update15
  • Sun JRE 1.5.0_16 (JRE 5.0 Update 16)
    cpe:2.3:a:sun:jre:1.5.0:update16
  • Sun JRE 1.5.0_17 (JRE 5.0 Update 17)
    cpe:2.3:a:sun:jre:1.5.0:update17
  • Sun JRE 1.5.0_18 (JRE 5.0 Update 18)
    cpe:2.3:a:sun:jre:1.5.0:update18
  • Sun JRE 1.5.0_19 (JRE 5.0 Update 19)
    cpe:2.3:a:sun:jre:1.5.0:update19
  • Sun JRE 1.5.0_2 (JRE 5.0 Update 2)
    cpe:2.3:a:sun:jre:1.5.0:update2
  • Sun JRE 1.5.0_20 (JRE 5.0 Update 20)
    cpe:2.3:a:sun:jre:1.5.0:update20
  • Sun JRE 1.5.0_21 (JRE 5.0 Update 21)
    cpe:2.3:a:sun:jre:1.5.0:update21
  • Sun JRE 1.5.0_22 (JRE 5.0 Update 22)
    cpe:2.3:a:sun:jre:1.5.0:update22
  • Sun JRE 1.5.0_23 (JRE 5.0 Update 23)
    cpe:2.3:a:sun:jre:1.5.0:update23
  • Sun JRE 1.5.0_24 (JRE 5.0 Update 24)
    cpe:2.3:a:sun:jre:1.5.0:update24
  • Sun JRE 1.5.0_25 (JRE 5.0 Update 25)
    cpe:2.3:a:sun:jre:1.5.0:update25
  • Sun JRE 1.5.0_26 (JRE 5.0 Update 26)
    cpe:2.3:a:sun:jre:1.5.0:update26
  • Sun JRE 1.5.0_27 (JRE 5.0 Update 27)
    cpe:2.3:a:sun:jre:1.5.0:update27
  • Sun JRE 1.5.0_28 (JRE 5.0 Update 28)
    cpe:2.3:a:sun:jre:1.5.0:update28
  • Sun JRE 1.5.0_29 (JRE 5.0 Update 29)
    cpe:2.3:a:sun:jre:1.5.0:update29
  • Sun JRE 1.5.0_3 (JRE 5.0 Update 3)
    cpe:2.3:a:sun:jre:1.5.0:update3
  • Sun JRE 1.5.0_31 (JRE 5.0 Update 31)
    cpe:2.3:a:sun:jre:1.5.0:update31
  • Sun JRE 1.5.0_33 (JRE 5.0 Update 33)
    cpe:2.3:a:sun:jre:1.5.0:update33
  • Sun JRE 1.5.0_4 (JRE 5.0 Update 4)
    cpe:2.3:a:sun:jre:1.5.0:update4
  • Sun JRE 1.5.0_5 (JRE 5.0 Update 5)
    cpe:2.3:a:sun:jre:1.5.0:update5
  • Sun JRE 1.5.0_6 (JRE 5.0 Update 6)
    cpe:2.3:a:sun:jre:1.5.0:update6
  • Sun JRE 1.5.0_7 (JRE 5.0 Update 7)
    cpe:2.3:a:sun:jre:1.5.0:update7
  • Sun JRE 1.5.0_8 (JRE 5.0 Update 8)
    cpe:2.3:a:sun:jre:1.5.0:update8
  • Sun JRE 1.5.0_9 (JRE 5.0 Update 9)
    cpe:2.3:a:sun:jre:1.5.0:update9
  • Oracle JRE 1.6.0 Update 22
    cpe:2.3:a:oracle:jre:1.6.0:update_22
  • Oracle JRE 1.6.0 Update 23
    cpe:2.3:a:oracle:jre:1.6.0:update_23
  • Oracle JRE 1.6.0 Update 24
    cpe:2.3:a:oracle:jre:1.6.0:update_24
  • Oracle JRE 1.6.0 Update 25
    cpe:2.3:a:oracle:jre:1.6.0:update_25
  • Oracle JRE 1.6.0 Update 26
    cpe:2.3:a:oracle:jre:1.6.0:update_26
  • Oracle JRE 1.6.0 Update 27
    cpe:2.3:a:oracle:jre:1.6.0:update_27
  • Oracle JRE 1.6.0 Update 29
    cpe:2.3:a:oracle:jre:1.6.0:update_29
  • Oracle JRE 1.6.0 Update 30
    cpe:2.3:a:oracle:jre:1.6.0:update_30
  • Sun JRE 1.6.0
    cpe:2.3:a:sun:jre:1.6.0
  • Sun JRE 1.6.0 Update 1
    cpe:2.3:a:sun:jre:1.6.0:update_1
  • Sun JRE 1.6.0 Update 10
    cpe:2.3:a:sun:jre:1.6.0:update_10
  • Sun JRE 1.6.0 Update 11
    cpe:2.3:a:sun:jre:1.6.0:update_11
  • Sun JRE 1.6.0 Update 12
    cpe:2.3:a:sun:jre:1.6.0:update_12
  • Sun JRE 1.6.0 Update 13
    cpe:2.3:a:sun:jre:1.6.0:update_13
  • Sun JRE 1.6.0 Update 14
    cpe:2.3:a:sun:jre:1.6.0:update_14
  • Sun JRE 1.6.0 Update 15
    cpe:2.3:a:sun:jre:1.6.0:update_15
  • Sun JRE 1.6.0 Update 16
    cpe:2.3:a:sun:jre:1.6.0:update_16
  • Sun JRE 1.6.0 Update 17
    cpe:2.3:a:sun:jre:1.6.0:update_17
  • Sun JRE 1.6.0 Update 18
    cpe:2.3:a:sun:jre:1.6.0:update_18
  • Sun JRE 1.6.0 Update 19
    cpe:2.3:a:sun:jre:1.6.0:update_19
  • Sun JRE 1.6.0 Update 2
    cpe:2.3:a:sun:jre:1.6.0:update_2
  • Sun JRE 1.6.0 Update 20
    cpe:2.3:a:sun:jre:1.6.0:update_20
  • Sun JRE 1.6.0 Update 21
    cpe:2.3:a:sun:jre:1.6.0:update_21
  • Sun JRE 1.6.0 Update 3
    cpe:2.3:a:sun:jre:1.6.0:update_3
  • Sun JRE 1.6.0 Update 4
    cpe:2.3:a:sun:jre:1.6.0:update_4
  • Sun JRE 1.6.0 Update 5
    cpe:2.3:a:sun:jre:1.6.0:update_5
  • Sun JRE 1.6.0 Update 6
    cpe:2.3:a:sun:jre:1.6.0:update_6
  • Sun JRE 1.6.0 Update 7
    cpe:2.3:a:sun:jre:1.6.0:update_7
  • Oracle JRE 1.7.0
    cpe:2.3:a:oracle:jre:1.7.0
  • Oracle JRE 1.7.0 update1
    cpe:2.3:a:oracle:jre:1.7.0:update1
  • Oracle JRE 1.7.0 update2
    cpe:2.3:a:oracle:jre:1.7.0:update2
  • Oracle JavaFX 1.2
    cpe:2.3:a:oracle:javafx:1.2
  • Oracle JavaFX 1.2.2
    cpe:2.3:a:oracle:javafx:1.2.2
  • Oracle JavaFX 1.2.3
    cpe:2.3:a:oracle:javafx:1.2.3
  • Oracle JavaFX 1.3.0
    cpe:2.3:a:oracle:javafx:1.3.0
  • Oracle JavaFX 1.3.1
    cpe:2.3:a:oracle:javafx:1.3.1
  • Oracle JavaFX 2.0
    cpe:2.3:a:oracle:javafx:2.0
  • Oracle JavaFX 2.0.2
    cpe:2.3:a:oracle:javafx:2.0.2
CVSS
Base: 10.0 (as of 16-02-2012 - 12:05)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id ORACLE_JROCKIT_CPU_APR_2012.NASL
    description The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities that could allow a remote attacker to compromise system confidentiality and integrity via unspecified vectors.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 76683
    published 2014-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76683
    title Oracle JRockit R27 < R27.7.2.5 / R28 < R28.2.3.13 Multiple Vulnerabilities (April 2012 CPU)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-IBM-8151.NASL
    description IBM Java 1.4.2 SR13 FP12 has been released, fixing various bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ has more informations. CVEs addressed: CVE-2011-3563 / CVE-2012-0499 / CVE-2012-0502 / CVE-2012-0503 / CVE-2012-0505 / CVE-2012-0506
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 59493
    published 2012-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59493
    title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 8151)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-03
    plugin id 72139
    published 2014-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72139
    title GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1080.NASL
    description Updated java-1.4.2-ibm-sap packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 for SAP. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.4.2-ibm-sap are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP12 Java release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 78927
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78927
    title RHEL 5 / 6 : java-1.4.2-ibm-sap (RHSA-2012:1080)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_FEB_2012.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 3 / 6 Update 31 / 5.0 Update 34 / 1.4.2_36 and is, therefore, potentially affected by security issues in the following components : - 2D - AWT - CORBA - Concurrency - Deployment - I18n - Install - Java Runtime Environment - Lightweight HTTP Server - Serialization - Sound
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 57959
    published 2012-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57959
    title Oracle Java SE Multiple Vulnerabilities (February 2012 CPU)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0702.NASL
    description Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM Java 1.4.2 SR13-FP12 release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64038
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64038
    title RHEL 5 : java-1.4.2-ibm (RHSA-2012:0702)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_FEB_2012_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 3 / 6 Update 31 / 5.0 Update 34 / 1.4.2_36 and is, therefore, potentially affected by security issues in the following components : - 2D - AWT - CORBA - Concurrency - Deployment - I18n - Install - Java Runtime Environment - Lightweight HTTP Server - Serialization - Sound
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64847
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64847
    title Oracle Java SE Multiple Vulnerabilities (February 2012 CPU) (Unix)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_4_2-IBM-120529.NASL
    description IBM Java 1.4.2 SR13 FP12 has been released which fixes various bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ has more informations. CVEs addressed: CVE-2011-3563 / CVE-2012-0499 / CVE-2012-0502 / CVE-2012-0503 / CVE-2012-0505 / CVE-2012-0506
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64161
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64161
    title SuSE 11.1 Security Update : IBM Java (SAT Patch Number 6360)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1455.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 78975
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78975
    title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)
  • NASL family Misc.
    NASL id VMWARE_VCENTER_VMSA-2012-0013.NASL
    description The version of VMware vCenter installed on the remote host is 4.0 earlier than Update 4a, 4.1 earlier than Update 3, or 5.0 earlier than Update 2. As such, it is potentially affected by multiple vulnerabilities in the included Oracle (Sun) Java Runtime Environment.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 66806
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66806
    title VMware vCenter Multiple Vulnerabilities (VMSA-2012-0013)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0139.NASL
    description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 57991
    published 2012-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57991
    title RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2012:0139)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0514.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java 6 SR10-FP1 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 58866
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58866
    title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120216_JAVA_1_6_0_SUN_ON_SL4_X.NASL
    description This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61252
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61252
    title Scientific Linux Security Update : java-1.6.0-sun on SL4.x, SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0508.NASL
    description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM 'Security alerts' page, listed in the References section. (CVE-2011-3389, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13-FP1 Java release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 58840
    published 2012-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58840
    title RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2012:0508) (BEAST)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_6_UPDATE7.NASL
    description The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 7, which updates the Java version to 1.6.0_31. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 58605
    published 2012-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58605
    title Mac OS X : Java for Mac OS X 10.6 Update 7
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-021.NASL
    description Multiple security issues were identified and fixed in OpenJDK (icedtea6) : Fix issues in java sound (CVE-2011-3563). Fix in AtomicReferenceArray (CVE-2011-3571). Add property to limit number of request headers to the HTTP Server (CVE-2011-5035). Incorect checking for graphics rendering object (CVE-2012-0497). Multiple unspecified vulnerabilities allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2012-0498. CVE-2012-0499, CVE-2012-0500). Better input parameter checking in zip file processing (CVE-2012-0501). Issues with some KeyboardFocusManager method (CVE-2012-0502). Issues with TimeZone class (CVE-2012-0503). Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505). Issues with some method in corba (CVE-2012-0506). The updated packages provides icedtea6-1.10.6 which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 58026
    published 2012-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58026
    title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:021)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-120427.NASL
    description IBM Java 1.6.0 was updated to SR10-FP1, fixing various security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2013-11-18
    plugin id 64164
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64164
    title SuSE 11.1 Security Update : IBM Java 1.6.0 (SAT Patch Number 6225)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_7_2012-001.NASL
    description The remote Mac OS X host is running a version of Java for Mac OS X 10.7 that is missing update 2012-001, which updates the Java version to 1.6.0_31. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 58606
    published 2012-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58606
    title Mac OS X : Java for OS X Lion 2012-001
oval via4
accepted 2015-03-23T04:00:46.030-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization DTCC
  • name Shane Shaffer
    organization G2, Inc.
  • name Dragos Prisaca
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Java SE Runtime Environment 5 is installed
    oval oval:org.mitre.oval:def:15748
  • comment Java SE Runtime Environment 6 is installed
    oval oval:org.mitre.oval:def:16362
  • comment Java SE Runtime Environment 7 is installed
    oval oval:org.mitre.oval:def:16050
description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
family windows
id oval:org.mitre.oval:def:14878
status accepted
submitted 2012-02-17T15:24:26.000-05:00
title Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
version 12
redhat via4
advisories
  • rhsa
    id RHSA-2012:0508
  • rhsa
    id RHSA-2012:0514
  • rhsa
    id RHSA-2012:0702
  • rhsa
    id RHSA-2012:1080
  • rhsa
    id RHSA-2013:1455
refmap via4
bid 52016
confirm
hp
  • HPSBMU02797
  • HPSBMU02799
  • HPSBUX02757
  • HPSBUX02760
  • HPSBUX02777
  • HPSBUX02784
  • SSRT100779
  • SSRT100805
  • SSRT100854
  • SSRT100867
  • SSRT100871
mandriva MDVSA-2013:150
secunia
  • 48073
  • 48074
  • 48589
  • 48692
  • 48915
  • 48948
  • 48950
  • 49198
suse
  • SUSE-SU-2012:0602
  • SUSE-SU-2012:0603
  • SUSE-SU-2012:0734
  • SUSE-SU-2012:0881
  • SUSE-SU-2012:1013
vmware via4
description The Oracle (Sun) JRE is updated to version 1.6.0_31which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012.
id VMSA-2012-0013
last_updated 2012-12-20T00:00:00
published 2012-08-30T00:00:00
title vCenter and ESX update to JRE 1.6.0 Update 31
Last major update 22-08-2016 - 22:04
Published 15-02-2012 - 17:55
Last modified 05-01-2018 - 21:29
Back to Top