ID CVE-2012-1682
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 31-10-2013 - 03:24)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality COMPLETE
  Integrity COMPLETE
  Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 853228
    title CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
          oval oval:com.redhat.rhsa:tst:20121221005
        • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865006
      • AND
        • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
          oval oval:com.redhat.rhsa:tst:20121221011
        • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865010
      • AND
        • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
          oval oval:com.redhat.rhsa:tst:20121221013
        • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865008
      • AND
        • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
          oval oval:com.redhat.rhsa:tst:20121221007
        • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865014
      • AND
        • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.49.1.11.4.el6_3
          oval oval:com.redhat.rhsa:tst:20121221009
        • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865012
    rhsa
    id RHSA-2012:1221
    released 2012-09-03
    severity Critical
    title RHSA-2012:1221: java-1.6.0-openjdk security update (Critical)
  • bugzilla
    id 853228
    title CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
          oval oval:com.redhat.rhsa:tst:20121222002
        • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377003
      • AND
        • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
          oval oval:com.redhat.rhsa:tst:20121222004
        • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377011
      • AND
        • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
          oval oval:com.redhat.rhsa:tst:20121222006
        • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377005
      • AND
        • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
          oval oval:com.redhat.rhsa:tst:20121222010
        • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377007
      • AND
        • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.28.1.10.9.el5_8
          oval oval:com.redhat.rhsa:tst:20121222008
        • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377009
    rhsa
    id RHSA-2012:1222
    released 2012-09-03
    severity Important
    title RHSA-2012:1222: java-1.6.0-openjdk security update (Important)
  • rhsa
    id RHSA-2012:1225
  • rhsa
    id RHSA-2012:1466
  • rhsa
    id RHSA-2013:1455
  • rhsa
    id RHSA-2013:1456
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.49.1.11.4.el6_3
  • java-1.6.0-openjdk-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.28.1.10.9.el5_8
  • java-1.7.0-openjdk-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-demo-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-devel-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.5-2.2.1.el6_3.3
  • java-1.7.0-openjdk-src-1:1.7.0.5-2.2.1.el6_3.3
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
hp
  • HPSBUX02824
  • SSRT100970
secunia
  • 51044
  • 51327
suse
  • SUSE-SU-2012:1148
  • SUSE-SU-2012:1231
  • openSUSE-SU-2012:1175
ubuntu USN-1553-1
Last major update 31-10-2013 - 03:24
Published 30-08-2012 - 23:55