1. CVE-Search
  2. CVE-2012-1682
ID CVE-2012-1682
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 31-10-2013 - 03:24)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 853228
    title CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
            oval oval:com.redhat.rhsa:tst:20121221001
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865002
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
            oval oval:com.redhat.rhsa:tst:20121221003
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865004
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
            oval oval:com.redhat.rhsa:tst:20121221005
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865006
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
            oval oval:com.redhat.rhsa:tst:20121221007
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865008
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
            oval oval:com.redhat.rhsa:tst:20121221009
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100865010
    rhsa
    id RHSA-2012:1221
    released 2012-09-03
    severity Critical
    title RHSA-2012:1221: java-1.6.0-openjdk security update (Critical)
  • bugzilla
    id 853228
    title CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
            oval oval:com.redhat.rhsa:tst:20121222001
          • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377002
        • AND
          • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
            oval oval:com.redhat.rhsa:tst:20121222003
          • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377004
        • AND
          • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
            oval oval:com.redhat.rhsa:tst:20121222005
          • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377006
        • AND
          • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
            oval oval:com.redhat.rhsa:tst:20121222007
          • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377008
        • AND
          • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
            oval oval:com.redhat.rhsa:tst:20121222009
          • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090377010
    rhsa
    id RHSA-2012:1222
    released 2012-09-03
    severity Important
    title RHSA-2012:1222: java-1.6.0-openjdk security update (Important)
  • rhsa
    id RHSA-2012:1225
  • rhsa
    id RHSA-2012:1466
  • rhsa
    id RHSA-2013:1455
  • rhsa
    id RHSA-2013:1456
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.7.0-openjdk-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-demo-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-devel-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-src-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-oracle-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-oracle-devel-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-oracle-jdbc-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-oracle-plugin-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-oracle-src-1:1.7.0.7-1jpp.5.el6_3
  • java-1.7.0-ibm-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-demo-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-devel-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-jdbc-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-plugin-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.7.0-ibm-src-1:1.7.0.2.0-1jpp.3.el6_3
  • java-1.6.0-ibm-1:1.6.0.12.0-1jpp.1.el5_8
  • java-1.6.0-ibm-1:1.6.0.12.0-1jpp.1.el6_3
  • java-1.6.0-ibm-accessibility-1:1.6.0.12.0-1jpp.1.el5_8
  • java-1.6.0-ibm-demo-1:1.6.0.12.0-1jpp.1.el5_8
  • java-1.6.0-ibm-demo-1:1.6.0.12.0-1jpp.1.el6_3
  • java-1.6.0-ibm-devel-1:1.6.0.12.0-1jpp.1.el5_8
  • java-1.6.0-ibm-devel-1:1.6.0.12.0-1jpp.1.el6_3
  • java-1.6.0-ibm-javacomm-1:1.6.0.12.0-1jpp.1.el5_8
  • java-1.6.0-ibm-javacomm-1:1.6.0.12.0-1jpp.1.el6_3
  • java-1.6.0-ibm-jdbc-1:1.6.0.12.0-1jpp.1.el5_8
  • java-1.6.0-ibm-jdbc-1:1.6.0.12.0-1jpp.1.el6_3
  • java-1.6.0-ibm-plugin-1:1.6.0.12.0-1jpp.1.el5_8
  • java-1.6.0-ibm-plugin-1:1.6.0.12.0-1jpp.1.el6_3
  • java-1.6.0-ibm-src-1:1.6.0.12.0-1jpp.1.el5_8
  • java-1.6.0-ibm-src-1:1.6.0.12.0-1jpp.1.el6_3
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
hp
  • HPSBUX02824
  • SSRT100970
secunia
  • 51044
  • 51327
suse
  • SUSE-SU-2012:1148
  • SUSE-SU-2012:1231
  • openSUSE-SU-2012:1175
ubuntu USN-1553-1
Last major update 31-10-2013 - 03:24
Published 30-08-2012 - 23:55
Last modified 31-10-2013 - 03:24
Back to Top