Vulnerabilites related to suse - linux_enterprise_java
Vulnerability from fkie_nvd
Published
2013-06-18 22:55
Modified
2025-05-06 18:15
Severity ?
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
References
Impacted products
{ cisaActionDue: "2022-04-18", cisaExploitAdd: "2022-03-28", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Oracle Java SE Unspecified Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*", matchCriteriaId: "DFAA351A-93CD-46A8-A480-CE2783CCD620", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", matchCriteriaId: "F4B153FD-E20B-4909-8B10-884E48F5B590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", matchCriteriaId: "F21933FB-A27C-4AF3-9811-2DE28484A5A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*", matchCriteriaId: "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*", matchCriteriaId: "F3C3C9C7-73AE-4B1D-AA85-C7F5330A4DE6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*", matchCriteriaId: "1D8BB8D7-D5EC-42D6-BEAA-CB03D1D6513E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*", matchCriteriaId: "37B5B98B-0E41-4397-8AB0-C18C6F10AED1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", matchCriteriaId: "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*", matchCriteriaId: "4FF6C211-AD55-40FE-9130-77164E586F62", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", matchCriteriaId: "5831D70B-3854-4CB8-B88D-40F1743DAEE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", matchCriteriaId: "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", matchCriteriaId: "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", matchCriteriaId: "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", matchCriteriaId: "0CD8A54E-185B-4D34-82EF-C0C05739EC12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", matchCriteriaId: "4FFC7F0D-1F32-4235-8359-277CE41382DF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*", matchCriteriaId: "EB864346-1429-46B5-A91E-A1126C486421", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*", matchCriteriaId: "EF13B96D-1F80-4672-8DA3-F86F6D3BF070", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*", matchCriteriaId: "D1A2D440-D966-41A6-955D-38B28DDE0FDB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*", matchCriteriaId: "B1C57774-AD93-4162-8E45-92B09139C808", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*", matchCriteriaId: "CD7C4194-D34A-418F-9B00-5C6012844AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*", matchCriteriaId: "DAF7D86B-1B4D-4E1F-9EF0-DA7E419D7E99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*", matchCriteriaId: "F0B82FB1-0F0E-44F9-87AE-628517279E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*", matchCriteriaId: "A0A67640-2F4A-488A-9D8F-3FE1F4DA8DEF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*", matchCriteriaId: "0D60D98D-4363-44A0-AAB4-B61BA623EE21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*", matchCriteriaId: "23CDA4F0-C32B-4B08-A377-7D4426C2F569", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*", matchCriteriaId: "8E76476E-4120-46A9-90A8-A95FE89636CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*", matchCriteriaId: "97A84689-0CED-404F-8DC3-708BEB37D2CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*", matchCriteriaId: "738EC3E5-A4EB-47FE-9C9A-7C8E8C669765", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update35:*:*:*:*:*:*", matchCriteriaId: "FF56E0D9-612D-4215-9C76-560AE0661A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update37:*:*:*:*:*:*", matchCriteriaId: "BA717604-4BB0-4968-B258-7C9F884016FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update38:*:*:*:*:*:*", matchCriteriaId: "AA71FCF4-580F-432D-AADC-65A2A92CEBC8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update39:*:*:*:*:*:*", matchCriteriaId: "F1E1A8F3-5A63-401E-9BDA-ACCA30FF6AC8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update41:*:*:*:*:*:*", matchCriteriaId: "5C91517E-4C81-4D09-9FCB-B7AC769C7107", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update43:*:*:*:*:*:*", matchCriteriaId: "8B276B96-66BE-4C09-BE9F-11FA7461CBDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update45:*:*:*:*:*:*", matchCriteriaId: "626E11CA-20EE-4AB0-84D7-8DAE7A9D8960", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", matchCriteriaId: "09027C19-D442-446F-B7A8-21DB6787CF43", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", matchCriteriaId: "0A0FEC28-0707-4F42-9740-78F3D2D551EE", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", matchCriteriaId: "C3C5879A-A608-4230-9DC1-C27F0F48A13B", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", matchCriteriaId: "0C71089A-BDDE-41FC-9DF9-9AEF4C2374DF", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", matchCriteriaId: "2DBB6B73-8D6B-41FF-BEE0-E0C7F5F1EB41", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", matchCriteriaId: "12A3B254-8580-45DB-BDE4-5B5A29CBFFB3", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", matchCriteriaId: "1DB1DE6A-66AE-499B-AD92-9E6ACE474C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", matchCriteriaId: "AADBB4F9-E43E-428B-9979-F47A15696C85", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", matchCriteriaId: "49260B94-05DE-4B78-9068-6F5F6BFDD19E", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", matchCriteriaId: "C4FDE9EB-08FE-436E-A265-30E83B15DB23", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", matchCriteriaId: "BE409D5C-8F9F-4DE9-ACB7-0E0B813F6399", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", matchCriteriaId: "B08C075B-9FC0-4381-A9E4-FFF0362BD308", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", matchCriteriaId: "F587E635-3A15-4186-B6A1-F99BE0A56820", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", matchCriteriaId: "90EC6C13-4B37-48E5-8199-A702A944D5A6", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", matchCriteriaId: "2528152C-E20A-4D97-931C-A5EC3CEAA06D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", matchCriteriaId: "A99DAB4C-272B-4C91-BC70-7729E1152590", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", matchCriteriaId: "30DFC10A-A4D9-4F89-B17C-AB9260087D29", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", matchCriteriaId: "272A5C44-18EC-41A9-8233-E9D4D0734EA6", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", matchCriteriaId: "81C2C04D-D4BA-4C87-9609-C53AA63BFF19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jre:1.5.0:-:*:*:*:*:*:*", matchCriteriaId: "D8730889-A618-4CF9-888C-BF95802DD00F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update36:*:*:*:*:*:*", matchCriteriaId: "CC062AE6-515B-4D40-9B86-46F7A1D7FF1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update38:*:*:*:*:*:*", matchCriteriaId: "B4A2D725-A7DC-4802-A377-5C3963AD9941", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update39:*:*:*:*:*:*", matchCriteriaId: "A47E0A76-D6A3-445E-84C8-038497655BBC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update40:*:*:*:*:*:*", matchCriteriaId: "A3C6E1D8-B96E-40FB-9E66-9B3A5325E78B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update41:*:*:*:*:*:*", matchCriteriaId: "F08A5AAD-84CA-491F-83D3-CEFFD16212E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update45:*:*:*:*:*:*", matchCriteriaId: "A13547EA-EF77-493A-A863-F09E2AEE8BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", matchCriteriaId: "A7FC09E8-7F30-4FE4-912E-588AA250E2A3", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", matchCriteriaId: "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", matchCriteriaId: "9919D091-73D7-465A-80FF-F37D6CAF9F46", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", matchCriteriaId: "02565D6F-4CB2-4671-A4EF-3169BCFA6154", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", matchCriteriaId: "452A3E51-9EAC-451D-BA04-A1E7B7D917EB", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", matchCriteriaId: "3E8C6AAC-C90B-4220-A69B-2A886A35CF5D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", matchCriteriaId: "55231B6B-9298-4363-9B5A-14C2DA7B1F50", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", matchCriteriaId: "E42CF0F7-418C-4BB6-9B73-FA3B9171D092", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", matchCriteriaId: "A5467E9D-07D8-4BEB-84D5-A3136C133519", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", matchCriteriaId: "B83B2CE1-45D7-47AD-BC0A-6EC74D5F8F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", matchCriteriaId: "8A32F326-EA92-43CD-930E-E527B60CDD3B", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", matchCriteriaId: "7EA5B9E9-654D-44F7-AE98-3D8B382804AC", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", matchCriteriaId: "04344167-530E-4A4D-90EF-74C684943DF1", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", matchCriteriaId: "B0E0373B-201D-408F-9234-A7EFE8B4970D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", matchCriteriaId: "15EAD76D-D5D0-4984-9D07-C1451D791083", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", matchCriteriaId: "DE949EBF-2BC0-4355-8B28-B494023D45FE", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", matchCriteriaId: "7E0A0A2D-62B9-4A00-84EF-90C15E47A632", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", matchCriteriaId: "A070A282-CBD6-4041-B149-5E310BD12E7B", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", matchCriteriaId: "3ECAE71B-C549-4EFB-A509-BFD599F5917A", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", matchCriteriaId: "044BADDD-A80B-4AE2-8595-5F8186314550", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*", matchCriteriaId: "B7FC11BE-8CF7-4D45-BB4A-3EFA1DDBB10D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*", matchCriteriaId: "1D75C40D-62AE-47F2-A6E0-53F3495260BD", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", matchCriteriaId: "44051CFE-D15D-4416-A123-F3E49C67A9E7", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*", matchCriteriaId: "4C061911-FB19-45EB-8E88-7450224F4023", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*", matchCriteriaId: "0E8009BC-F5A8-4D00-9F5F-8635475C6065", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", matchCriteriaId: "F296ACF3-1373-429D-B991-8B5BA704A7EF", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", matchCriteriaId: "B863420B-DE16-416A-9640-1A1340A9B855", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", matchCriteriaId: "724C972F-74FE-4044-BBC4-7E0E61FC9002", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", matchCriteriaId: "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", matchCriteriaId: "EBE909DE-E55A-4BD3-A5BF-ADE407432193", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", matchCriteriaId: "5DAC04D2-68FD-4793-A8E7-4690A543D7D4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", matchCriteriaId: "4339DE06-19FB-4B8E-B6AE-3495F605AD05", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", matchCriteriaId: "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*", matchCriteriaId: "252CF7A7-3FEB-4503-AEE8-B67139C5B0D5", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*", matchCriteriaId: "79D7DBBA-6849-45F7-AFEF-C765569C481A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", matchCriteriaId: "CED02712-1031-4206-AC4D-E68710F46EC9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", matchCriteriaId: "D1D7B467-58DD-45F1-9F1F-632620DF072A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", matchCriteriaId: "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", matchCriteriaId: "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", matchCriteriaId: "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect image channel verification\" in 2D.", }, { lang: "es", value: "Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 21 y anteriores, versión 6 Update 45 y anteriores, y versión 5.0 Update 45 y anteriores, y OpenJDK versión 7 de Oracle, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos relacionados con 2D. NOTA: la información previa es de la CPU de junio de 2013. Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema permite a los atacantes remotos omitir el sandbox de Java por medio de vectores relacionados con la \"Incorrect image attribute verification\" en 2D.", }, ], evaluatorComment: "Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html\n\n'Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.'", id: "CVE-2013-2465", lastModified: "2025-05-06T18:15:33.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2013-06-18T22:55:02.807", references: [ { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://advisories.mageia.org/MGASA-2013-0185.html", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "secalert_us@oracle.com", tags: [ "Patch", ], url: "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=137545505800971&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=137545592101387&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0963.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { source: "secalert_us@oracle.com", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/54154", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", }, { source: "secalert_us@oracle.com", tags: [ "Not Applicable", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/60657", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-169A", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=975118", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://advisories.mageia.org/MGASA-2013-0185.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=137545505800971&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=137545592101387&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0963.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/54154", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/60657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-169A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=975118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerability", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-693", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2013-07-23 11:03
Modified
2025-04-11 00:51
Severity ?
Summary
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "03D3F84F-3F6E-4DF1-B162-152293D951EA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*", matchCriteriaId: "A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*", matchCriteriaId: "BAD59912-7325-4AE1-ACCF-D4F804AF3947", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*", matchCriteriaId: "62783157-E3B6-4A23-8D2F-1FBD0762E9A0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*", matchCriteriaId: "14CC0D53-8AB8-4D44-82BB-0E6A974C36AB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*", matchCriteriaId: "91A3129F-17A6-4F32-BD5D-34E4A1D1A840", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*", matchCriteriaId: "E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*", matchCriteriaId: "CC7CD279-54B6-4F6B-AE14-299FB319C690", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*", matchCriteriaId: "0EA269CA-4676-4008-89EF-20FAB89886A1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*", matchCriteriaId: "D22105B6-1378-4E1C-B28A-FCAE00A2D5CF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*", matchCriteriaId: "601762D3-1188-4945-931D-EB8DAC2847A1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*", matchCriteriaId: "FA4A30A6-498C-46B8-8EFC-45EB13354EAF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*", matchCriteriaId: "414CC00A-C797-4C34-8709-75DC061DCDE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*", matchCriteriaId: "4401B967-0550-44F1-8753-9632120D2A44", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*", matchCriteriaId: "4961693D-F56C-46CD-B721-6A15E2837C17", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*", matchCriteriaId: "AA4FBB66-CF6A-42D2-B122-1861F4139E75", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "14AD4A87-382A-41F0-96D8-0F0A9B738773", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "33701DDF-6882-41D3-A11B-A1F4585A77A7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "25C58BBA-06AC-40CD-A906-FD1B3B0AAB69", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "76C5B430-EE11-4674-B4B0-895D66E3B32F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "B1837D84-6B4F-40D8-9A3F-71C328F659BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D20A369B-2168-4883-A84C-BB48A71AFB33", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "3628AAB4-E524-46E5-AAF4-1980256F13CE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*", matchCriteriaId: "30DC9FE3-CDE9-4F83-989B-4E431BA18B56", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*", matchCriteriaId: "C17B1C6B-04CE-49FB-B9BD-98ECD626B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*", matchCriteriaId: "81F529EB-2BCA-4E3E-93E4-2A9880CDA367", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*", matchCriteriaId: "8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "7694638C-CDAC-44DF-B9F9-F7237CD98017", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "23903A3C-1760-4836-BAE6-BDD32CBB4CBD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*", matchCriteriaId: "2477E033-D26B-4D71-839B-5FE4B0927559", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*", matchCriteriaId: "B1CAB7BF-265E-411D-A584-E78DE171F065", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*", matchCriteriaId: "4E45F670-232F-4CE5-8926-6463E5619506", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*", matchCriteriaId: "5B70E6E3-15B3-4D48-AE49-B9184A58EECE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*", matchCriteriaId: "D5BCE3FD-B89B-4141-8103-9DB941AD60D0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*", matchCriteriaId: "8EADFB3B-738F-4919-B165-9ECEED46EA6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*", matchCriteriaId: "B23A5431-E599-4848-AB83-B299898F5EF0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9A8BF650-B8F5-467E-8DBF-81788B55F345", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1752A831-916F-4A7D-8AAE-1CEFACC51F91", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0C9744C4-76BE-428B-AFF2-5BCE00A58322", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "48B1DE45-90F9-416B-9087-8AEF5B0A3C46", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9EF6A045-0DF6-463B-A0DB-6C31D8C2984C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A731493C-9B46-4105-9902-B15BA0E0FB11", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "49454369-A494-4EAA-88D5-181570DEBB4A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update51:*:*:*:*:*:*", matchCriteriaId: "04C71221-E477-4DF8-B10A-3AC64511E4EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update60:*:*:*:*:*:*", matchCriteriaId: "FF7DE0E6-F329-417B-8035-B4EBF9C97483", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*", matchCriteriaId: "220536FA-695D-4DE8-9813-494E3D061B78", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update51:*:*:*:*:*:*", matchCriteriaId: "ACB55CC5-0EC7-44B2-B5A9-A5B1EE584791", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update60:*:*:*:*:*:*", matchCriteriaId: "4F6B5E73-6751-475A-B9BF-3414D3476208", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*", matchCriteriaId: "7CB654DC-1D3D-4475-8815-335AC573F54C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", matchCriteriaId: "DF26274E-5364-4FC1-9603-A78C365596DB", versionEndIncluding: "r27.7.6", versionStartIncluding: "r27.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", matchCriteriaId: "583E7A18-48C5-4AEE-A9C1-239D678E275A", versionEndIncluding: "r28.2.8", versionStartIncluding: "r28.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*", matchCriteriaId: "CF65201D-8980-450A-A542-3B5473A6F374", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0:*:*:*:*:*:*:*", matchCriteriaId: "E51D5AEF-B3D4-4782-9988-BC1DB3F3F296", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E179FC2F-C700-4998-9D7A-3B945874CAC1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "2341D5E7-15CD-4C8F-ABE8-AA915BFA2804", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.3:*:*:*:*:*:*:*", matchCriteriaId: "474DC3BA-27F2-452A-85AD-BCC476EDD35B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.4:*:*:*:*:*:*:*", matchCriteriaId: "997CA07C-EBB7-4D7F-AF23-A161817BF4A9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.5:*:*:*:*:*:*:*", matchCriteriaId: "5BFE87FC-7B77-4840-8185-1707CB37323B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "C77DD8B3-A227-4350-8699-FEC822119393", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FA56704-18EB-4F3B-A36F-BCEF67B07C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "420CC5FF-0300-4FA7-AB53-78C1A0B83C11", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B7132A0E-C2A1-403E-9516-A6911563D7B9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:host_on-demand:11.0.8:*:*:*:*:*:*:*", matchCriteriaId: "F32CA797-ED68-426E-9370-E16C90075E01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "BB2F6EF3-721A-43AB-AAFD-BE3EEDB0AA61", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", matchCriteriaId: "40363692-5283-4D0C-BAE1-C049C02A0294", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", matchCriteriaId: "F805BA3A-178D-416E-9DED-4258F71A17C8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", matchCriteriaId: "9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", matchCriteriaId: "1554D69E-D68E-46CA-B1F7-C24CAABF58E8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", matchCriteriaId: "C684FC45-C9BA-4EF0-BD06-BB289450DD21", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", matchCriteriaId: "D806A17E-B8F9-466D-807D-3F1E77603DC8", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", matchCriteriaId: "4339DE06-19FB-4B8E-B6AE-3495F605AD05", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", matchCriteriaId: "3ED68ADD-BBDA-4485-BC76-58F011D72311", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", matchCriteriaId: "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*", matchCriteriaId: "252CF7A7-3FEB-4503-AEE8-B67139C5B0D5", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*", matchCriteriaId: "79D7DBBA-6849-45F7-AFEF-C765569C481A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp2:*:*:*:*:*:*", matchCriteriaId: "2C634990-2690-4E3B-B21F-6687A6A34644", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_sdk:11:sp3:*:*:*:*:*:*", matchCriteriaId: "73B7BC23-6CCA-41B2-8F61-EDB95F1AFB1D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", matchCriteriaId: "4CD2D897-E321-4CED-92E0-11A98B52053C", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", matchCriteriaId: "CED02712-1031-4206-AC4D-E68710F46EC9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", matchCriteriaId: "D1D7B467-58DD-45F1-9F1F-632620DF072A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", matchCriteriaId: "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", matchCriteriaId: "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", matchCriteriaId: "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", matchCriteriaId: "7F61F047-129C-41A6-8A27-FFCBB8563E91", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:xerces2_java:*:*:*:*:*:*:*:*", matchCriteriaId: "8CFD62E4-794A-43C0-8C65-A44D970D1569", versionEndExcluding: "2.12.0", versionStartIncluding: "2.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.", }, { lang: "es", value: "XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se empleó en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, así como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegación de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML.", }, ], id: "CVE-2013-4002", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-07-23T11:03:19.790", references: [ { source: "psirt@us.ibm.com", tags: [ "Broken Link", "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/56257", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT5982", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { source: "psirt@us.ibm.com", tags: [ "Broken Link", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/61310", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2033-1", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2089-1", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { source: "psirt@us.ibm.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { source: "psirt@us.ibm.com", url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { source: "psirt@us.ibm.com", url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { source: "psirt@us.ibm.com", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "psirt@us.ibm.com", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/56257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT5982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/61310", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2033-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2089-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-06-07 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
References
Impacted products
{ cisaActionDue: "2022-03-24", cisaExploitAdd: "2022-03-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*", matchCriteriaId: "5F0AD0F9-E797-4E16-95F3-C1AFDA557D78", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", matchCriteriaId: "A7FC09E8-7F30-4FE4-912E-588AA250E2A3", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", matchCriteriaId: "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", matchCriteriaId: "9919D091-73D7-465A-80FF-F37D6CAF9F46", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", matchCriteriaId: "02565D6F-4CB2-4671-A4EF-3169BCFA6154", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", matchCriteriaId: "452A3E51-9EAC-451D-BA04-A1E7B7D917EB", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", matchCriteriaId: "3E8C6AAC-C90B-4220-A69B-2A886A35CF5D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", matchCriteriaId: "55231B6B-9298-4363-9B5A-14C2DA7B1F50", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", matchCriteriaId: "E42CF0F7-418C-4BB6-9B73-FA3B9171D092", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", matchCriteriaId: "A5467E9D-07D8-4BEB-84D5-A3136C133519", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", matchCriteriaId: "B83B2CE1-45D7-47AD-BC0A-6EC74D5F8F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", matchCriteriaId: "8A32F326-EA92-43CD-930E-E527B60CDD3B", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", matchCriteriaId: "7EA5B9E9-654D-44F7-AE98-3D8B382804AC", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", matchCriteriaId: "04344167-530E-4A4D-90EF-74C684943DF1", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", matchCriteriaId: "B0E0373B-201D-408F-9234-A7EFE8B4970D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", matchCriteriaId: "15EAD76D-D5D0-4984-9D07-C1451D791083", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", matchCriteriaId: "DE949EBF-2BC0-4355-8B28-B494023D45FE", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", matchCriteriaId: "7E0A0A2D-62B9-4A00-84EF-90C15E47A632", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", matchCriteriaId: "A070A282-CBD6-4041-B149-5E310BD12E7B", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", matchCriteriaId: "3ECAE71B-C549-4EFB-A509-BFD599F5917A", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*", matchCriteriaId: "044BADDD-A80B-4AE2-8595-5F8186314550", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*", matchCriteriaId: "B7FC11BE-8CF7-4D45-BB4A-3EFA1DDBB10D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*", matchCriteriaId: "1D75C40D-62AE-47F2-A6E0-53F3495260BD", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", matchCriteriaId: "44051CFE-D15D-4416-A123-F3E49C67A9E7", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*", matchCriteriaId: "4C061911-FB19-45EB-8E88-7450224F4023", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*", matchCriteriaId: "0E8009BC-F5A8-4D00-9F5F-8635475C6065", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", matchCriteriaId: "F296ACF3-1373-429D-B991-8B5BA704A7EF", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", matchCriteriaId: "B863420B-DE16-416A-9640-1A1340A9B855", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", matchCriteriaId: "724C972F-74FE-4044-BBC4-7E0E61FC9002", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", matchCriteriaId: "46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", matchCriteriaId: "EBE909DE-E55A-4BD3-A5BF-ADE407432193", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", matchCriteriaId: "5DAC04D2-68FD-4793-A8E7-4690A543D7D4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*", matchCriteriaId: "EF13B96D-1F80-4672-8DA3-F86F6D3BF070", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*", matchCriteriaId: "D1A2D440-D966-41A6-955D-38B28DDE0FDB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*", matchCriteriaId: "B1C57774-AD93-4162-8E45-92B09139C808", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*", matchCriteriaId: "CD7C4194-D34A-418F-9B00-5C6012844AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*", matchCriteriaId: "DAF7D86B-1B4D-4E1F-9EF0-DA7E419D7E99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*", matchCriteriaId: "F0B82FB1-0F0E-44F9-87AE-628517279E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*", matchCriteriaId: "A0A67640-2F4A-488A-9D8F-3FE1F4DA8DEF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*", matchCriteriaId: "0D60D98D-4363-44A0-AAB4-B61BA623EE21", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*", matchCriteriaId: "9AF0780E-830E-4971-8F79-8FCF5D2EBC20", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", matchCriteriaId: "09027C19-D442-446F-B7A8-21DB6787CF43", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", matchCriteriaId: "0A0FEC28-0707-4F42-9740-78F3D2D551EE", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", matchCriteriaId: "C3C5879A-A608-4230-9DC1-C27F0F48A13B", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", matchCriteriaId: "0C71089A-BDDE-41FC-9DF9-9AEF4C2374DF", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", matchCriteriaId: "2DBB6B73-8D6B-41FF-BEE0-E0C7F5F1EB41", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", matchCriteriaId: "12A3B254-8580-45DB-BDE4-5B5A29CBFFB3", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", matchCriteriaId: "1DB1DE6A-66AE-499B-AD92-9E6ACE474C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", matchCriteriaId: "AADBB4F9-E43E-428B-9979-F47A15696C85", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", matchCriteriaId: "49260B94-05DE-4B78-9068-6F5F6BFDD19E", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", matchCriteriaId: "C4FDE9EB-08FE-436E-A265-30E83B15DB23", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", matchCriteriaId: "BE409D5C-8F9F-4DE9-ACB7-0E0B813F6399", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", matchCriteriaId: "7158D2C0-E9AC-4CD6-B777-EA7B7A181997", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", matchCriteriaId: "B08C075B-9FC0-4381-A9E4-FFF0362BD308", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", matchCriteriaId: "F587E635-3A15-4186-B6A1-F99BE0A56820", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", matchCriteriaId: "90EC6C13-4B37-48E5-8199-A702A944D5A6", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", matchCriteriaId: "2528152C-E20A-4D97-931C-A5EC3CEAA06D", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", matchCriteriaId: "A99DAB4C-272B-4C91-BC70-7729E1152590", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", matchCriteriaId: "30DFC10A-A4D9-4F89-B17C-AB9260087D29", vulnerable: true, }, { criteria: "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", matchCriteriaId: "272A5C44-18EC-41A9-8233-E9D4D0734EA6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*", matchCriteriaId: "DFAA351A-93CD-46A8-A480-CE2783CCD620", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", matchCriteriaId: "F4B153FD-E20B-4909-8B10-884E48F5B590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", matchCriteriaId: "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "036E8A89-7A16-411F-9D31-676313BB7244", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", matchCriteriaId: "4339DE06-19FB-4B8E-B6AE-3495F605AD05", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", matchCriteriaId: "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:11:sp1:*:*:*:*:*:*", matchCriteriaId: "6C92E342-B485-49E3-BC3A-4397D3CA8453", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", matchCriteriaId: "D1D7B467-58DD-45F1-9F1F-632620DF072A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*", matchCriteriaId: "A44C3422-0D42-473E-ABB4-279D7494EE2F", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*", matchCriteriaId: "A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", matchCriteriaId: "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*", matchCriteriaId: "E8C91701-DF37-4F7B-AB9A-B1BFDB4991F8", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", matchCriteriaId: "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.", }, { lang: "es", value: "Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE), de Oracle Java SE v7 Update 2 y versiones anteriores, v6 Update 30 y anteriores, y v5.0 Update 33 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la \"Concurrencia\". NOTA: La información anterior se obtuvo de la Oracle CPU de Febrero de 2012. Oracle no se ha pronunciado sobre las reclamaciones de un vendedor y de los investigadores de que este problema se produce porque la implementación de la clase AtomicReferenceArray no garantiza que la matriz es de tipo Object[], lo que permite a atacantes provocar una denegación de servicio (bloqueo de la máquina virtual Java) o eludir restricciones del entorno limitado de Java. NOTA: Este problema fue asignado originalmente al CVE-2011-3571, pero ese identificador ya ha sido asignado a un tema diferente.", }, ], id: "CVE-2012-0507", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2012-06-07T22:55:17.883", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "Broken Link", ], url: "http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0508.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0514.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { source: "secalert_us@oracle.com", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48589", }, { source: "secalert_us@oracle.com", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48692", }, { source: "secalert_us@oracle.com", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48915", }, { source: "secalert_us@oracle.com", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48948", }, { source: "secalert_us@oracle.com", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48950", }, { source: "secalert_us@oracle.com", tags: [ "Exploit", "Broken Link", ], url: "http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2012/dsa-2420", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", }, { source: "secalert_us@oracle.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", "Broken Link", ], url: "http://www.securityfocus.com/bid/52161", }, { source: "secalert_us@oracle.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=788994", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "Broken Link", ], url: "http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0508.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0514.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48589", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48692", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Broken Link", ], url: "http://secunia.com/advisories/48950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Broken Link", ], url: "http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2012/dsa-2420", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", "Broken Link", ], url: "http://www.securityfocus.com/bid/52161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=788994", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-843", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2012-06-16 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*", matchCriteriaId: "E4728C6F-BE60-4805-8D45-FB61DD307CF1", versionEndIncluding: "1.4.2_37", versionStartIncluding: "1.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:-:*:*:*:*:*:*", matchCriteriaId: "D8730889-A618-4CF9-888C-BF95802DD00F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update1:*:*:*:*:*:*", matchCriteriaId: "94F2C368-5881-40AB-8B08-BF959E724950", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update10:*:*:*:*:*:*", matchCriteriaId: "2D33EDF0-548B-457F-908B-C3795945FC37", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update11:*:*:*:*:*:*", matchCriteriaId: "7B1BA97C-51C0-4EA2-B514-84503E1B42CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update12:*:*:*:*:*:*", matchCriteriaId: "30F69268-F35B-411F-90C6-11A5EFF00DE7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update13:*:*:*:*:*:*", matchCriteriaId: "E137594B-9FFE-4081-933F-F825E3A3F362", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update14:*:*:*:*:*:*", matchCriteriaId: "5DCC0622-5D7E-4D2D-84ED-FD985B2B0C58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update15:*:*:*:*:*:*", matchCriteriaId: "26AF05CC-DF6C-40EE-88A6-71C85EE7C4F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update16:*:*:*:*:*:*", matchCriteriaId: "79674E2C-B6E8-40DE-821D-291FD312C3A0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update17:*:*:*:*:*:*", matchCriteriaId: "83E72AE8-C2EB-4C4A-80D0-7C5AA0BD2C48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update18:*:*:*:*:*:*", matchCriteriaId: "FC107766-8EF4-4A63-AC1F-DBFAD33E349D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update19:*:*:*:*:*:*", matchCriteriaId: "BAA97E64-FFAA-4C4E-B3B1-72D9B968161E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update2:*:*:*:*:*:*", matchCriteriaId: "5CEBD756-DAA9-4613-9ECA-943EB162BAF8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update20:*:*:*:*:*:*", matchCriteriaId: "508CB5E0-5A93-4890-B822-10F29631B280", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update21:*:*:*:*:*:*", matchCriteriaId: "A7C6D544-04A1-4B09-8AC9-DEBEAAB1E903", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update22:*:*:*:*:*:*", matchCriteriaId: "08F6C2F3-2DB1-4B71-82D7-11233ADD1376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update23:*:*:*:*:*:*", matchCriteriaId: "708418EA-CFB6-4AFC-9327-E974F99E7323", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update24:*:*:*:*:*:*", matchCriteriaId: "159846BB-6BC2-4A6F-B9B7-5D95D70B966F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update25:*:*:*:*:*:*", matchCriteriaId: "ABD71288-227D-4FA6-9E07-FFA9EBAF3452", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update26:*:*:*:*:*:*", matchCriteriaId: "5B02C330-01CB-41FB-A503-A6A9BB24FDA2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update27:*:*:*:*:*:*", matchCriteriaId: "CF46C0A1-67A1-421A-961A-5C19E20D075F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update28:*:*:*:*:*:*", matchCriteriaId: "CF3B6C14-A29B-4B55-82A9-51A2CC108063", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update29:*:*:*:*:*:*", matchCriteriaId: "3E77C2EE-EB7D-40D8-BF74-F6CEB8DCE610", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update3:*:*:*:*:*:*", matchCriteriaId: "5798AD7E-81A9-456B-8109-46F5CF910C63", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update30:*:*:*:*:*:*", matchCriteriaId: "3FE9142C-E34A-4390-B9DF-4689A45E67BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update31:*:*:*:*:*:*", matchCriteriaId: "54D82C69-8F1E-4666-B0F3-25540F840170", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update32:*:*:*:*:*:*", matchCriteriaId: "27EE5902-38E6-4977-A66A-FE2CCE27EAAD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update33:*:*:*:*:*:*", matchCriteriaId: "97905F32-901A-4AE0-8E16-7CA44BC5988C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update34:*:*:*:*:*:*", matchCriteriaId: "7109AD44-F277-41A6-B765-EE053B4F32C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update35:*:*:*:*:*:*", matchCriteriaId: "1AC184EB-A85D-47A0-8C21-FD05B0C46079", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update4:*:*:*:*:*:*", matchCriteriaId: "88114C4E-0267-47C2-A7FC-D38BEFC3AF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update5:*:*:*:*:*:*", matchCriteriaId: "055CA491-F4F1-4110-824F-23ED1494543F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update6:*:*:*:*:*:*", matchCriteriaId: "5687B90D-55D3-4115-8266-4B935108C237", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update7:*:*:*:*:*:*", matchCriteriaId: "6CA9E211-120C-4CAE-8A25-709D015124F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update8:*:*:*:*:*:*", matchCriteriaId: "FEE709FD-88F8-484D-9D13-216D79F5DDC4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.5.0:update9:*:*:*:*:*:*", matchCriteriaId: "15D32F92-E8CF-4EA8-AA31-5F406AAB455B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*", matchCriteriaId: "EB864346-1429-46B5-A91E-A1126C486421", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*", matchCriteriaId: "F199B346-B95E-4DCA-B750-148A36D559BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update10:*:*:*:*:*:*", matchCriteriaId: "D16229B8-1642-4C10-8650-A9CEA9D4C98C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*", matchCriteriaId: "1714BDEF-6B0E-42BB-9510-3F9B52E170BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*", matchCriteriaId: "830A3A51-F17A-4C61-8F5C-6A4582A64DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*", matchCriteriaId: "9DE0E496-719D-4CEF-837F-B060A898099F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*", matchCriteriaId: "3B02F361-0C64-4CB8-8DAD-A63F1A9CC025", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*", matchCriteriaId: "FD4CC3E2-7BEA-4D8C-811C-C5012327A9AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*", matchCriteriaId: "9F63A8AC-893D-4D75-B467-85E70B62541D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*", matchCriteriaId: "D7823AE6-CB18-47DE-8A4F-1F98394B7237", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*", matchCriteriaId: "381EFA43-DB73-48EA-A4B1-F451EF60D845", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update19:*:*:*:*:*:*", matchCriteriaId: "77C54E00-0197-4C87-9BFF-01A099AC3006", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update2:*:*:*:*:*:*", matchCriteriaId: "64AD6007-EB92-4D0E-A0CB-8FFDDB61AA6D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update20:*:*:*:*:*:*", matchCriteriaId: "7415177F-A2FE-47AB-8D92-194A4F6D75C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update21:*:*:*:*:*:*", matchCriteriaId: "52FA600C-08B6-4143-9C72-DB31E489DE3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*", matchCriteriaId: "EF13B96D-1F80-4672-8DA3-F86F6D3BF070", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*", matchCriteriaId: "D1A2D440-D966-41A6-955D-38B28DDE0FDB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*", matchCriteriaId: "B1C57774-AD93-4162-8E45-92B09139C808", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*", matchCriteriaId: "CD7C4194-D34A-418F-9B00-5C6012844AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*", matchCriteriaId: "DAF7D86B-1B4D-4E1F-9EF0-DA7E419D7E99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*", matchCriteriaId: "F0B82FB1-0F0E-44F9-87AE-628517279E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*", matchCriteriaId: "A0A67640-2F4A-488A-9D8F-3FE1F4DA8DEF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update3:*:*:*:*:*:*", matchCriteriaId: "2752B83A-6DD2-4829-9E4F-42CDDCBC38C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*", matchCriteriaId: "0D60D98D-4363-44A0-AAB4-B61BA623EE21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*", matchCriteriaId: "23CDA4F0-C32B-4B08-A377-7D4426C2F569", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*", matchCriteriaId: "8E76476E-4120-46A9-90A8-A95FE89636CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update4:*:*:*:*:*:*", matchCriteriaId: "964CCFD6-316A-48C6-9A6B-7CFD1A1FB027", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update5:*:*:*:*:*:*", matchCriteriaId: "DC8771D7-9531-4A1D-B2DE-FAA7A7549801", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update6:*:*:*:*:*:*", matchCriteriaId: "6C59C275-5964-4E5D-BE80-BA4EA34BEA62", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update7:*:*:*:*:*:*", matchCriteriaId: "47C1922B-37E8-4009-97C7-B243F6F96704", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update8:*:*:*:*:*:*", matchCriteriaId: "68957C57-EC74-4896-B97D-E936DC6AD31C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update9:*:*:*:*:*:*", matchCriteriaId: "6B3A8681-3EAC-4D02-811A-5FCCCC7B5635", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*", matchCriteriaId: "DFAA351A-93CD-46A8-A480-CE2783CCD620", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", matchCriteriaId: "F4B153FD-E20B-4909-8B10-884E48F5B590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", matchCriteriaId: "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", matchCriteriaId: "5831D70B-3854-4CB8-B88D-40F1743DAEE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", matchCriteriaId: "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", matchCriteriaId: "369207B4-96FA-4324-9445-98FAE8ECF5DB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*", matchCriteriaId: "791A11F4-2F3A-4D83-B450-2BC7209DEE80", versionEndIncluding: "1.4.2_37", versionStartIncluding: "1.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:*", matchCriteriaId: "711BCDB5-83BC-4DBA-8097-2CD33617FD19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update1:*:*:*:*:*:*", matchCriteriaId: "B5F20B3E-781F-4DC1-B939-B0EAFC515F71", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update10:*:*:*:*:*:*", matchCriteriaId: "BEB37E93-38EB-4AEE-A3DD-D2097C0D6852", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update11:*:*:*:*:*:*", matchCriteriaId: "59DED85A-153E-40B1-9ABA-D405204E464E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update12:*:*:*:*:*:*", matchCriteriaId: "168E67FC-32BC-4DAE-B49C-840FD721D7AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update13:*:*:*:*:*:*", matchCriteriaId: "83A2B4A2-ED27-4C12-871B-C0F78C3478FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update14:*:*:*:*:*:*", matchCriteriaId: "9E8A5D2D-B620-449B-B599-51F5C9FC658C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update15:*:*:*:*:*:*", matchCriteriaId: "9A39B469-5041-4715-B6AC-36D8777677EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update16:*:*:*:*:*:*", matchCriteriaId: "F49DBD1F-D3F5-400B-AE2E-BC87B05A5051", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update17:*:*:*:*:*:*", matchCriteriaId: "8E605982-97A2-4E5E-847E-2BB8AD77910C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update18:*:*:*:*:*:*", matchCriteriaId: "848299EC-DE52-4511-BF53-C83022935964", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update19:*:*:*:*:*:*", matchCriteriaId: "CD5BD598-ADBC-42EE-BF81-049D89CCA426", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update2:*:*:*:*:*:*", matchCriteriaId: "64AC19E5-A20C-4D51-B465-ABCDBADF550A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update20:*:*:*:*:*:*", matchCriteriaId: "4855E669-C465-4167-89CE-EA693C70A051", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update21:*:*:*:*:*:*", matchCriteriaId: "9D970942-F8B4-445B-8167-955C489DA85B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update22:*:*:*:*:*:*", matchCriteriaId: "9EE4A1F0-FDAD-4BC7-8541-0CA928E51731", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update23:*:*:*:*:*:*", matchCriteriaId: "542B79DC-8BC8-4E93-ADC0-50BAF5FFB3D0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update24:*:*:*:*:*:*", matchCriteriaId: "5E537391-BC5D-4923-9122-27624371BF22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update25:*:*:*:*:*:*", matchCriteriaId: "2D8E305C-BB6A-4705-ADED-73B3159A338C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update26:*:*:*:*:*:*", matchCriteriaId: "CC65A3CD-F682-4788-B42C-77BBBDBAEB34", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update27:*:*:*:*:*:*", matchCriteriaId: "E67D9262-1F65-44D0-B6E6-68D405CEA5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update28:*:*:*:*:*:*", matchCriteriaId: "774509D5-9C66-446B-9050-F8CE6C6EDB70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update29:*:*:*:*:*:*", matchCriteriaId: "1A85BCBA-61AF-455A-A5E0-312E4D1308C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update3:*:*:*:*:*:*", matchCriteriaId: "A2CCCA1A-F0A1-4511-AF84-326DF406C0DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update30:*:*:*:*:*:*", matchCriteriaId: "DD21F014-7CFF-490E-9D39-048703915552", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update31:*:*:*:*:*:*", matchCriteriaId: "C00F4FBC-E6A3-40DC-AEA9-26F34F90A86D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update32:*:*:*:*:*:*", matchCriteriaId: "EBF147E8-5BB0-4472-8213-18D8BFE1E2CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update33:*:*:*:*:*:*", matchCriteriaId: "7FAF6EAE-8974-488F-87A3-86AF9D4455B6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update34:*:*:*:*:*:*", matchCriteriaId: "B19E5AB2-FB4A-4D42-9A43-6A1C4829B4E9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update35:*:*:*:*:*:*", matchCriteriaId: "40119D8A-8D51-4AD7-AC83-A735CF86F9D2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update4:*:*:*:*:*:*", matchCriteriaId: "81B0BEF9-25FD-48F7-83BC-BEA31BC3A1BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update5:*:*:*:*:*:*", matchCriteriaId: "4E6D8590-0A99-43E0-9256-9572112F9C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update6:*:*:*:*:*:*", matchCriteriaId: "5F2A0870-A4D3-481B-8A37-A4DC282B0DE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update7:*:*:*:*:*:*", matchCriteriaId: "20171515-B5A5-44D2-B7F7-21EDDE39989E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update8:*:*:*:*:*:*", matchCriteriaId: "F734AF76-4CEE-4F9D-AD6A-6BECF1F977CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.5.0:update9:*:*:*:*:*:*", matchCriteriaId: "985B45F6-C285-4061-A656-A4C1A1FE59D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*", matchCriteriaId: "4A420DA5-1346-446B-8D23-E1E6DDBE527E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*", matchCriteriaId: "B8CA8719-7ABE-4279-B49E-C414794A4FE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*", matchCriteriaId: "DC92B7EC-849F-4255-9D55-43681B8DADC4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*", matchCriteriaId: "2ABC1045-7D3D-4A14-B994-7E60A4BB4C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*", matchCriteriaId: "1F3C1E65-929A-4468-8584-F086E6E59839", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*", matchCriteriaId: "42C95C1D-0C2E-4733-AB1B-65650D88995D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*", matchCriteriaId: "47A9F499-D1E3-41BD-AC18-E8D3D3231C12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*", matchCriteriaId: "D45B0D7E-BA0F-4AAA-A7BA-2ADA4CC90D94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*", matchCriteriaId: "D58A3E4F-2409-440A-891E-0B84D79AB480", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*", matchCriteriaId: "3FC2226B-CFEF-48A4-83EA-1F59F4AF7528", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*", matchCriteriaId: "F29DC78F-4D02-47B4-A955-32080B22356C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*", matchCriteriaId: "81A4204E-6F50-45FB-A343-7A30C0CD6D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*", matchCriteriaId: "D6E07069-D6EE-4D44-94A6-CDCA4A50E6F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*", matchCriteriaId: "4B151882-47C0-400E-BBAB-A949E6140C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*", matchCriteriaId: "6DB4F19E-DFC4-42F4-87B9-32FB1C496649", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*", matchCriteriaId: "301E96A3-AD2F-48F3-9166-571BD6F9FAE3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*", matchCriteriaId: "6C9215D9-DB64-4CEE-85E6-E247035EFB09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*", matchCriteriaId: "352509FE-54D9-4A59-98B7-96E5E98BC2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*", matchCriteriaId: "C3EC13D3-4CE7-459C-A7D7-7D38C1284720", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*", matchCriteriaId: "8CDCD1B4-C5F3-4188-B05F-23922F7DE517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*", matchCriteriaId: "1824DA2D-26D5-4595-8376-8E41AB8C5E52", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*", matchCriteriaId: "B72F78B7-10D1-49CF-AC4D-3B10921CB633", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*", matchCriteriaId: "344FA3EA-9E25-493C-976A-211D1404B251", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*", matchCriteriaId: "60D05860-9424-4727-B583-74A35BC9BDFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*", matchCriteriaId: "F85DB431-FEA4-42E7-AC29-6B66174DCD9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*", matchCriteriaId: "FB7E911C-C780-440A-ABFF-CCE09061BB4F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*", matchCriteriaId: "D081A380-5AA4-4451-94A9-7B65810106E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*", matchCriteriaId: "112E7575-A3A0-4A94-AD39-7B2325B150B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*", matchCriteriaId: "708E8CEF-82EE-4D4B-ABF9-87AA4878F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*", matchCriteriaId: "D5D9D9A7-8819-44A4-80AC-52D6B63A0C9B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update8:*:*:*:*:*:*", matchCriteriaId: "FEB2C8A3-E0DC-46A3-BD82-8E45DA55ED0E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update9:*:*:*:*:*:*", matchCriteriaId: "64B5B16D-061A-438D-A8CF-9E63D6C748D7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*", matchCriteriaId: "ACABC935-5DD6-4F85-992E-70AD517EF41D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", matchCriteriaId: "6152036D-6421-4AE4-9223-766FE07B5A44", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", matchCriteriaId: "D375CECB-405C-4E18-A7E8-9C5A2F97BD69", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", matchCriteriaId: "52EEEA5A-E77C-43CF-A063-9D5C64EA1870", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", matchCriteriaId: "003746F6-DEF0-4D0F-AD97-9E335868E301", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", matchCriteriaId: "369207B4-96FA-4324-9445-98FAE8ECF5DB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*", matchCriteriaId: "ABD07623-B997-479C-B8C8-DEF899104BD5", versionEndExcluding: "1.10.8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*", matchCriteriaId: "D6C469B3-C1E7-4E5D-AD16-2CA8981CB589", versionEndExcluding: "1.11.3", versionStartIncluding: "1.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.5:*:*:*:*:*:*:*", matchCriteriaId: "46E05B39-84D0-4208-A299-2B6B999FA482", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*", matchCriteriaId: "C0554C89-3716-49F3-BFAE-E008D5E4E29C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.0:*:*:*:*:*:*:*", matchCriteriaId: "AF0F7F83-8723-4FFC-BC7C-90C12F1F41E8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0:*:*:*:*:*:*:*", matchCriteriaId: "0B94E436-BECD-4AA9-82A3-C9CC48C875F1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*", matchCriteriaId: "634C23AC-AC9C-43F4-BED8-1C720816D5E3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", matchCriteriaId: "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*", matchCriteriaId: "0AE981D4-0CA1-46FA-8E91-E1A4D5B31383", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", matchCriteriaId: "4339DE06-19FB-4B8E-B6AE-3495F605AD05", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", matchCriteriaId: "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*", matchCriteriaId: "252CF7A7-3FEB-4503-AEE8-B67139C5B0D5", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", matchCriteriaId: "D1D7B467-58DD-45F1-9F1F-632620DF072A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", matchCriteriaId: "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", matchCriteriaId: "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", matchCriteriaId: "5AA37837-3083-4DC7-94F4-54FD5D7CB53C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.", }, { lang: "es", value: "Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 Update 4 y anteriores, 6 Update 32 y anteriores, 5 actualización 35 y anteriores, y v1.4.2_37 y anteriores permite a usuarios locales afectar la confidencialidad a través de vectores desconocidos relacionados con el la impresión en Solaris o Linux.", }, ], evaluatorImpact: "Per: http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html\n\n'Applies to printing on the Solaris and Linux platforms. This vulnerability cannot be exploited through untrusted Java Web Start applications or untrusted Java applets. It also cannot be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.'", id: "CVE-2012-1717", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-06-16T21:55:03.250", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0734.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1243.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/50659", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/51080", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21615246", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/53952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0734.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1243.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/50659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/51080", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21615246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/53952", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-10-19 21:55
Modified
2025-04-11 00:51
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
References
Impacted products
{ cisaActionDue: "2022-03-24", cisaExploitAdd: "2022-03-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*", matchCriteriaId: "FD1AF818-452D-46FE-BD02-05E2E94DDE30", versionEndExcluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*", matchCriteriaId: "4A420DA5-1346-446B-8D23-E1E6DDBE527E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*", matchCriteriaId: "B8CA8719-7ABE-4279-B49E-C414794A4FE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*", matchCriteriaId: "DC92B7EC-849F-4255-9D55-43681B8DADC4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*", matchCriteriaId: "2ABC1045-7D3D-4A14-B994-7E60A4BB4C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*", matchCriteriaId: "1F3C1E65-929A-4468-8584-F086E6E59839", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*", matchCriteriaId: "42C95C1D-0C2E-4733-AB1B-65650D88995D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*", matchCriteriaId: "47A9F499-D1E3-41BD-AC18-E8D3D3231C12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*", matchCriteriaId: "D45B0D7E-BA0F-4AAA-A7BA-2ADA4CC90D94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*", matchCriteriaId: "D58A3E4F-2409-440A-891E-0B84D79AB480", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*", matchCriteriaId: "3FC2226B-CFEF-48A4-83EA-1F59F4AF7528", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*", matchCriteriaId: "F29DC78F-4D02-47B4-A955-32080B22356C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*", matchCriteriaId: "81A4204E-6F50-45FB-A343-7A30C0CD6D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*", matchCriteriaId: "D6E07069-D6EE-4D44-94A6-CDCA4A50E6F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*", matchCriteriaId: "4B151882-47C0-400E-BBAB-A949E6140C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*", matchCriteriaId: "6DB4F19E-DFC4-42F4-87B9-32FB1C496649", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*", matchCriteriaId: "301E96A3-AD2F-48F3-9166-571BD6F9FAE3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*", matchCriteriaId: "6C9215D9-DB64-4CEE-85E6-E247035EFB09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*", matchCriteriaId: "352509FE-54D9-4A59-98B7-96E5E98BC2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*", matchCriteriaId: "C3EC13D3-4CE7-459C-A7D7-7D38C1284720", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*", matchCriteriaId: "8CDCD1B4-C5F3-4188-B05F-23922F7DE517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*", matchCriteriaId: "ACABC935-5DD6-4F85-992E-70AD517EF41D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", matchCriteriaId: "6152036D-6421-4AE4-9223-766FE07B5A44", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*", matchCriteriaId: "FE8B0935-6637-413D-B896-28E0ED7F2CEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*", matchCriteriaId: "30B480BC-0886-4B19-B0A5-57B531077F40", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*", matchCriteriaId: "7FA1990D-BBC2-429C-872C-6150459516B1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*", matchCriteriaId: "8DC2887E-610B-42FE-9A96-1E2F01BF17A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*", matchCriteriaId: "130849CD-A581-4FE6-B2AA-99134F16FE65", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", matchCriteriaId: "D375CECB-405C-4E18-A7E8-9C5A2F97BD69", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*", matchCriteriaId: "50AF5AE9-5314-4CE7-95A7-CE6D1B036D23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*", matchCriteriaId: "1B10B19C-FA60-4CD5-AA61-A9791F6CECA8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", matchCriteriaId: "52EEEA5A-E77C-43CF-A063-9D5C64EA1870", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", matchCriteriaId: "003746F6-DEF0-4D0F-AD97-9E335868E301", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", matchCriteriaId: "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", matchCriteriaId: "6BAE3670-0938-480A-8472-DFF0B3A0D0BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*", matchCriteriaId: "0EC967FF-26A6-4498-BC09-EC23B2B75CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update7_b32:*:*:*:*:*:*", matchCriteriaId: "270DE3F5-C51F-4E62-B532-7773BCF8CC7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*", matchCriteriaId: "02781457-4E40-46A9-A5F7-945232A8C2B1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update9_b31:*:*:*:*:*:*", matchCriteriaId: "5ED1BA76-BCA4-483F-B238-39FA792984BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update9_b32:*:*:*:*:*:*", matchCriteriaId: "D450D249-DD3B-435F-B006-C44A215A3DC4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*", matchCriteriaId: "BD9FCDEB-2854-42FF-8BF4-A50890B3F08F", versionEndExcluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*", matchCriteriaId: "EB864346-1429-46B5-A91E-A1126C486421", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*", matchCriteriaId: "F199B346-B95E-4DCA-B750-148A36D559BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*", matchCriteriaId: "1714BDEF-6B0E-42BB-9510-3F9B52E170BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*", matchCriteriaId: "830A3A51-F17A-4C61-8F5C-6A4582A64DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*", matchCriteriaId: "9DE0E496-719D-4CEF-837F-B060A898099F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*", matchCriteriaId: "3B02F361-0C64-4CB8-8DAD-A63F1A9CC025", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*", matchCriteriaId: "FD4CC3E2-7BEA-4D8C-811C-C5012327A9AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*", matchCriteriaId: "9F63A8AC-893D-4D75-B467-85E70B62541D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*", matchCriteriaId: "D7823AE6-CB18-47DE-8A4F-1F98394B7237", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*", matchCriteriaId: "381EFA43-DB73-48EA-A4B1-F451EF60D845", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update19:*:*:*:*:*:*", matchCriteriaId: "77C54E00-0197-4C87-9BFF-01A099AC3006", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update2:*:*:*:*:*:*", matchCriteriaId: "64AD6007-EB92-4D0E-A0CB-8FFDDB61AA6D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update20:*:*:*:*:*:*", matchCriteriaId: "7415177F-A2FE-47AB-8D92-194A4F6D75C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update21:*:*:*:*:*:*", matchCriteriaId: "52FA600C-08B6-4143-9C72-DB31E489DE3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*", matchCriteriaId: "EF13B96D-1F80-4672-8DA3-F86F6D3BF070", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*", matchCriteriaId: "D1A2D440-D966-41A6-955D-38B28DDE0FDB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*", matchCriteriaId: "B1C57774-AD93-4162-8E45-92B09139C808", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*", matchCriteriaId: "CD7C4194-D34A-418F-9B00-5C6012844AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*", matchCriteriaId: "DAF7D86B-1B4D-4E1F-9EF0-DA7E419D7E99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update3:*:*:*:*:*:*", matchCriteriaId: "2752B83A-6DD2-4829-9E4F-42CDDCBC38C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update4:*:*:*:*:*:*", matchCriteriaId: "964CCFD6-316A-48C6-9A6B-7CFD1A1FB027", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update5:*:*:*:*:*:*", matchCriteriaId: "DC8771D7-9531-4A1D-B2DE-FAA7A7549801", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update6:*:*:*:*:*:*", matchCriteriaId: "6C59C275-5964-4E5D-BE80-BA4EA34BEA62", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update7:*:*:*:*:*:*", matchCriteriaId: "47C1922B-37E8-4009-97C7-B243F6F96704", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update8:*:*:*:*:*:*", matchCriteriaId: "68957C57-EC74-4896-B97D-E936DC6AD31C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.6.0:update9:*:*:*:*:*:*", matchCriteriaId: "6B3A8681-3EAC-4D02-811A-5FCCCC7B5635", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*", matchCriteriaId: "DFAA351A-93CD-46A8-A480-CE2783CCD620", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", matchCriteriaId: "F4B153FD-E20B-4909-8B10-884E48F5B590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", matchCriteriaId: "F21933FB-A27C-4AF3-9811-2DE28484A5A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update10_b31:*:*:*:*:*:*", matchCriteriaId: "61B7A9E2-14BE-40E3-AF51-1BA6FC612170", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*", matchCriteriaId: "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*", matchCriteriaId: "F3C3C9C7-73AE-4B1D-AA85-C7F5330A4DE6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*", matchCriteriaId: "1D8BB8D7-D5EC-42D6-BEAA-CB03D1D6513E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*", matchCriteriaId: "37B5B98B-0E41-4397-8AB0-C18C6F10AED1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update17_b31:*:*:*:*:*:*", matchCriteriaId: "B0228195-41B4-4145-B8A4-7B974456ABA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update17_b32:*:*:*:*:*:*", matchCriteriaId: "44F8FB6D-3602-4263-9814-CCB64B8D1926", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", matchCriteriaId: "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*", matchCriteriaId: "4FF6C211-AD55-40FE-9130-77164E586F62", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update21_b31:*:*:*:*:*:*", matchCriteriaId: "2D3257E5-17DB-4E02-9A8E-DD0E4D4339DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update25:*:*:*:*:*:*", matchCriteriaId: "F40DB141-E5B3-4EC2-9E2F-2E27414FCCB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update25_b33:*:*:*:*:*:*", matchCriteriaId: "3391456D-86B0-457B-83BB-4C74DA0ED634", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update25_b34:*:*:*:*:*:*", matchCriteriaId: "AA88EAC0-FD2D-4B38-8944-D4B6C3BD6FE7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update25_b35:*:*:*:*:*:*", matchCriteriaId: "C12DF03E-6E61-41DF-A283-D16AB356B6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", matchCriteriaId: "5831D70B-3854-4CB8-B88D-40F1743DAEE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", matchCriteriaId: "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", matchCriteriaId: "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", matchCriteriaId: "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", matchCriteriaId: "0CD8A54E-185B-4D34-82EF-C0C05739EC12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update7_b32:*:*:*:*:*:*", matchCriteriaId: "CD27AF64-5AA9-40F0-9308-2B4196FE7653", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", matchCriteriaId: "4FFC7F0D-1F32-4235-8359-277CE41382DF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", matchCriteriaId: "87614B58-24AB-49FB-9C84-E8DDBA16353B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", matchCriteriaId: "EF49D26F-142E-468B-87C1-BABEA445255C", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.4:*:*:*:*:*:*:*", matchCriteriaId: "B2A12684-8CB8-49A6-8E06-1E1AE5B43E87", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*", matchCriteriaId: "3CF5C5B9-2CB9-4CD8-B94F-A674ED909CC3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", matchCriteriaId: "D1D7B467-58DD-45F1-9F1F-632620DF072A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.", }, { lang: "es", value: "Vulnerabilidad no especificada en el componente de Java Runtime Environment en Oracle Java SE JDK y JRE v7 y v6 Update 27 y anteriores permite a aplicaciones remotas Java Web Start y applets Java no confiables afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con secuencias de comandos.", }, ], id: "CVE-2011-3544", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2011-10-19T21:55:01.097", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/48308", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "secalert_us@oracle.com", tags: [ "Product", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1384.html", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/50218", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1026215", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-1263-1", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70849", }, { source: "secalert_us@oracle.com", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/48308", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1384.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/50218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1026215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-1263-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70849", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
cve-2013-2465
Vulnerability from cvelistv5
Published
2013-06-18 22:00
Modified
2025-05-06 17:15
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2025-05-06T17:15:03.175Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerability", }, { url: "https://www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerability", }, { name: "RHSA-2013:1060", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { name: "HPSBUX02908", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=137545592101387&w=2", }, { name: "RHSA-2014:0414", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "60657", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/60657", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", }, { name: "SUSE-SU-2013:1264", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html", }, { name: "SUSE-SU-2013:1257", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { name: "HPSBUX02907", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=137545505800971&w=2", }, { name: "SUSE-SU-2013:1256", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { name: "54154", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54154", }, { name: "RHSA-2013:1455", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "SSRT101305", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { name: "oval:org.mitre.oval:def:19455", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455", }, { name: "oval:org.mitre.oval:def:19703", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703", }, { name: "HPSBUX02922", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040", }, { name: "oval:org.mitre.oval:def:19074", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074", }, { name: "SUSE-SU-2013:1263", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { name: "RHSA-2013:1059", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { name: "SUSE-SU-2013:1293", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { name: "oval:org.mitre.oval:def:17106", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106", }, { name: "RHSA-2013:1081", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { name: "TA13-169A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-169A", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2013-0185.html", }, { name: "RHSA-2013:0963", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0963.html", }, { name: "SUSE-SU-2013:1255", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=975118", }, { name: "RHSA-2013:1456", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { name: "MDVSA-2013:183", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", }, { name: "SUSE-SU-2013:1305", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2013-2465", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T19:00:39.857228Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-28", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2465", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693 Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T19:00:44.143Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-06-18T00:00:00.000Z", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect image channel verification\" in 2D.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01.000Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "RHSA-2013:1060", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { name: "HPSBUX02908", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=137545592101387&w=2", }, { name: "RHSA-2014:0414", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "60657", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/60657", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", }, { name: "SUSE-SU-2013:1264", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html", }, { name: "SUSE-SU-2013:1257", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { name: "HPSBUX02907", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=137545505800971&w=2", }, { name: "SUSE-SU-2013:1256", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { name: "54154", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54154", }, { name: "RHSA-2013:1455", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "SSRT101305", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { name: "oval:org.mitre.oval:def:19455", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455", }, { name: "oval:org.mitre.oval:def:19703", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703", }, { name: "HPSBUX02922", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { tags: [ "x_refsource_MISC", ], url: "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040", }, { name: "oval:org.mitre.oval:def:19074", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074", }, { name: "SUSE-SU-2013:1263", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { name: "RHSA-2013:1059", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { name: "SUSE-SU-2013:1293", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { name: "oval:org.mitre.oval:def:17106", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106", }, { name: "RHSA-2013:1081", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { name: "TA13-169A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-169A", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2013-0185.html", }, { name: "RHSA-2013:0963", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0963.html", }, { name: "SUSE-SU-2013:1255", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=975118", }, { name: "RHSA-2013:1456", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { name: "MDVSA-2013:183", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", }, { name: "SUSE-SU-2013:1305", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2013-2465", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"Incorrect image channel verification\" in 2D.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2013:1060", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { name: "HPSBUX02908", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=137545592101387&w=2", }, { name: "RHSA-2014:0414", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "60657", refsource: "BID", url: "http://www.securityfocus.com/bid/60657", }, { name: "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", }, { name: "SUSE-SU-2013:1264", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html", }, { name: "SUSE-SU-2013:1257", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { name: "HPSBUX02907", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=137545505800971&w=2", }, { name: "SUSE-SU-2013:1256", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { name: "54154", refsource: "SECUNIA", url: "http://secunia.com/advisories/54154", }, { name: "RHSA-2013:1455", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "SSRT101305", refsource: "HP", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { name: "oval:org.mitre.oval:def:19455", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455", }, { name: "oval:org.mitre.oval:def:19703", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703", }, { name: "HPSBUX02922", refsource: "HP", url: "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", }, { name: "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040", refsource: "MISC", url: "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040", }, { name: "oval:org.mitre.oval:def:19074", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074", }, { name: "SUSE-SU-2013:1263", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { name: "RHSA-2013:1059", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { name: "SUSE-SU-2013:1293", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { name: "oval:org.mitre.oval:def:17106", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106", }, { name: "RHSA-2013:1081", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { name: "TA13-169A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-169A", }, { name: "http://advisories.mageia.org/MGASA-2013-0185.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2013-0185.html", }, { name: "RHSA-2013:0963", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0963.html", }, { name: "SUSE-SU-2013:1255", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=975118", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=975118", }, { name: "RHSA-2013:1456", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { name: "MDVSA-2013:183", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", }, { name: "SUSE-SU-2013:1305", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2013-2465", datePublished: "2013-06-18T22:00:00.000Z", dateReserved: "2013-03-05T00:00:00.000Z", dateUpdated: "2025-05-06T17:15:03.175Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-1717
Vulnerability from cvelistv5
Published
2012-06-16 21:00
Modified
2024-08-06 19:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:08:37.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "53952", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/53952", }, { name: "SUSE-SU-2012:1265", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "SUSE-SU-2012:1177", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html", }, { name: "SUSE-SU-2012:1231", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html", }, { name: "RHSA-2012:0734", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0734.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", }, { name: "RHSA-2012:1243", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1243.html", }, { name: "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html", }, { name: "50659", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50659", }, { name: "SUSE-SU-2012:1204", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html", }, { name: "RHSA-2013:1455", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "MDVSA-2012:095", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", }, { name: "RHSA-2013:1456", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21615246", }, { name: "MDVSA-2013:150", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", }, { name: "51080", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51080", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-06-12T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-17T19:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "53952", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/53952", }, { name: "SUSE-SU-2012:1265", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "SUSE-SU-2012:1177", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html", }, { name: "SUSE-SU-2012:1231", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html", }, { name: "RHSA-2012:0734", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0734.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", }, { name: "RHSA-2012:1243", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1243.html", }, { name: "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html", }, { name: "50659", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50659", }, { name: "SUSE-SU-2012:1204", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html", }, { name: "RHSA-2013:1455", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "MDVSA-2012:095", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", }, { name: "RHSA-2013:1456", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21615246", }, { name: "MDVSA-2013:150", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", }, { name: "51080", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51080", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2012-1717", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "53952", refsource: "BID", url: "http://www.securityfocus.com/bid/53952", }, { name: "SUSE-SU-2012:1265", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html", }, { name: "GLSA-201406-32", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "SUSE-SU-2012:1177", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html", }, { name: "SUSE-SU-2012:1231", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html", }, { name: "RHSA-2012:0734", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-0734.html", }, { name: "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", }, { name: "RHSA-2012:1243", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-1243.html", }, { name: "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released", refsource: "MLIST", url: "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html", }, { name: "50659", refsource: "SECUNIA", url: "http://secunia.com/advisories/50659", }, { name: "SUSE-SU-2012:1204", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html", }, { name: "RHSA-2013:1455", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "MDVSA-2012:095", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", }, { name: "RHSA-2013:1456", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1456.html", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21615246", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21615246", }, { name: "MDVSA-2013:150", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", }, { name: "51080", refsource: "SECUNIA", url: "http://secunia.com/advisories/51080", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2012-1717", datePublished: "2012-06-16T21:00:00", dateReserved: "2012-03-16T00:00:00", dateUpdated: "2024-08-06T19:08:37.677Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-0507
Vulnerability from cvelistv5
Published
2012-06-07 22:00
Modified
2025-02-10 19:55
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:23:31.104Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "HPSBUX02784", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", }, { name: "48692", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48692", }, { name: "HPSBMU02799", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/", }, { name: "48589", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48589", }, { name: "SSRT100805", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3", }, { name: "SUSE-SU-2012:0602", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", }, { name: "RHSA-2013:1455", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "SUSE-SU-2012:0603", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html", }, { name: "48950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48950", }, { name: "48948", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48948", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx", }, { name: "SSRT100871", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { name: "48915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48915", }, { name: "HPSBUX02757", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { name: "DSA-2420", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2012/dsa-2420", }, { name: "RHSA-2012:0508", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0508.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=788994", }, { name: "SSRT100867", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { name: "RHSA-2012:0514", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0514.html", }, { name: "52161", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/52161", }, { name: "HPSBUX02760", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { name: "SSRT100779", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { name: "HPSBMU02797", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2012-0507", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T19:54:57.403498Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-0507", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T19:55:28.567Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-02-14T00:00:00.000Z", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-28T20:57:01.000Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "HPSBUX02784", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", }, { name: "48692", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48692", }, { name: "HPSBMU02799", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/", }, { name: "48589", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48589", }, { name: "SSRT100805", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3", }, { name: "SUSE-SU-2012:0602", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", }, { name: "RHSA-2013:1455", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "SUSE-SU-2012:0603", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html", }, { name: "48950", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48950", }, { name: "48948", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48948", }, { tags: [ "x_refsource_MISC", ], url: "http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx", }, { name: "SSRT100871", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { name: "48915", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48915", }, { name: "HPSBUX02757", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { name: "DSA-2420", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2012/dsa-2420", }, { name: "RHSA-2012:0508", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0508.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=788994", }, { name: "SSRT100867", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { name: "RHSA-2012:0514", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0514.html", }, { name: "52161", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/52161", }, { name: "HPSBUX02760", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { name: "SSRT100779", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { name: "HPSBMU02797", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2012-0507", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "HPSBUX02784", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { name: "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", }, { name: "48692", refsource: "SECUNIA", url: "http://secunia.com/advisories/48692", }, { name: "HPSBMU02799", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { name: "http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/", refsource: "MISC", url: "http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/", }, { name: "48589", refsource: "SECUNIA", url: "http://secunia.com/advisories/48589", }, { name: "SSRT100805", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { name: "http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3", refsource: "MISC", url: "http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3", }, { name: "SUSE-SU-2012:0602", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", }, { name: "RHSA-2013:1455", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "SUSE-SU-2012:0603", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html", }, { name: "48950", refsource: "SECUNIA", url: "http://secunia.com/advisories/48950", }, { name: "48948", refsource: "SECUNIA", url: "http://secunia.com/advisories/48948", }, { name: "http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx", refsource: "MISC", url: "http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx", }, { name: "SSRT100871", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133847939902305&w=2", }, { name: "48915", refsource: "SECUNIA", url: "http://secunia.com/advisories/48915", }, { name: "HPSBUX02757", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { name: "DSA-2420", refsource: "DEBIAN", url: "http://www.debian.org/security/2012/dsa-2420", }, { name: "RHSA-2012:0508", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-0508.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=788994", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=788994", }, { name: "SSRT100867", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { name: "RHSA-2012:0514", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-0514.html", }, { name: "52161", refsource: "BID", url: "http://www.securityfocus.com/bid/52161", }, { name: "HPSBUX02760", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133365109612558&w=2", }, { name: "SSRT100779", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=133364885411663&w=2", }, { name: "HPSBMU02797", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2012-0507", datePublished: "2012-06-07T22:00:00.000Z", dateReserved: "2012-01-11T00:00:00.000Z", dateUpdated: "2025-02-10T19:55:28.567Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4002
Vulnerability from cvelistv5
Published
2013-07-23 10:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:30:49.315Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "IC98015", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { name: "RHSA-2013:1060", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { name: "RHSA-2014:0414", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "RHSA-2013:1447", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { name: "RHSA-2015:0765", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { name: "RHSA-2013:1440", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { name: "RHSA-2015:0675", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { name: "61310", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/61310", }, { name: "RHSA-2015:0773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { name: "RHSA-2015:0720", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { name: "SUSE-SU-2013:1257", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { name: "USN-2033-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2033-1", }, { name: "USN-2089-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2089-1", }, { name: "SUSE-SU-2013:1256", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { name: "HPSBUX02944", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { name: "RHSA-2013:1505", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { name: "HPSBUX02943", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { name: "RHSA-2014:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { name: "56257", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/56257", }, { name: "SUSE-SU-2013:1263", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { name: "RHSA-2013:1059", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { name: "RHSA-2014:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { name: "openSUSE-SU-2013:1663", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { name: "SUSE-SU-2013:1666", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { name: "APPLE-SA-2013-10-15-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { name: "SUSE-SU-2013:1293", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { name: "RHSA-2013:1081", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { name: "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { name: "SUSE-SU-2013:1255", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { name: "RHSA-2013:1451", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { name: "RHSA-2014:1818", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { name: "RHSA-2014:1821", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { name: "SUSE-SU-2013:1305", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { name: "ibm-java-cve20134002-dos(85260)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { name: "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT5982", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-07-18T00:00:00", descriptions: [ { lang: "en", value: "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:19:06", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "IC98015", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { name: "RHSA-2013:1060", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { name: "RHSA-2014:0414", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "RHSA-2013:1447", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { name: "RHSA-2015:0765", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { name: "RHSA-2013:1440", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { name: "RHSA-2015:0675", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { name: "61310", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/61310", }, { name: "RHSA-2015:0773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { name: "RHSA-2015:0720", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { name: "SUSE-SU-2013:1257", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { name: "USN-2033-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2033-1", }, { name: "USN-2089-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2089-1", }, { name: "SUSE-SU-2013:1256", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { name: "HPSBUX02944", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { name: "RHSA-2013:1505", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { name: "HPSBUX02943", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { name: "RHSA-2014:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { name: "56257", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/56257", }, { name: "SUSE-SU-2013:1263", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { name: "RHSA-2013:1059", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { name: "RHSA-2014:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { name: "openSUSE-SU-2013:1663", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { name: "SUSE-SU-2013:1666", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { name: "APPLE-SA-2013-10-15-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { name: "SUSE-SU-2013:1293", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { name: "RHSA-2013:1081", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { name: "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E", }, { name: "SUSE-SU-2013:1255", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { name: "RHSA-2013:1451", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { name: "RHSA-2014:1818", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { name: "RHSA-2014:1821", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { name: "SUSE-SU-2013:1305", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { name: "ibm-java-cve20134002-dos(85260)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { name: "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT5982", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2013-4002", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "IC98015", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015", }, { name: "RHSA-2013:1060", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1060.html", }, { name: "RHSA-2014:0414", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2014:0414", }, { name: "GLSA-201406-32", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "RHSA-2013:1447", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1447.html", }, { name: "RHSA-2015:0765", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0765.html", }, { name: "RHSA-2013:1440", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1440.html", }, { name: "RHSA-2015:0675", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0675.html", }, { name: "61310", refsource: "BID", url: "http://www.securityfocus.com/bid/61310", }, { name: "RHSA-2015:0773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0773.html", }, { name: "RHSA-2015:0720", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-0720.html", }, { name: "SUSE-SU-2013:1257", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", }, { name: "USN-2033-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2033-1", }, { name: "USN-2089-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2089-1", }, { name: "SUSE-SU-2013:1256", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", }, { name: "HPSBUX02944", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=138674073720143&w=2", }, { name: "RHSA-2013:1505", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1505.html", }, { name: "HPSBUX02943", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=138674031212883&w=2", }, { name: "RHSA-2014:1822", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1822.html", }, { name: "56257", refsource: "SECUNIA", url: "http://secunia.com/advisories/56257", }, { name: "SUSE-SU-2013:1263", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", }, { name: "RHSA-2013:1059", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1059.html", }, { name: "RHSA-2014:1823", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1823.html", }, { name: "openSUSE-SU-2013:1663", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", }, { name: "SUSE-SU-2013:1666", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", }, { name: "APPLE-SA-2013-10-15-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", }, { name: "SUSE-SU-2013:1293", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", }, { name: "RHSA-2013:1081", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1081.html", }, { name: "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", refsource: "MLIST", url: "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E", }, { name: "SUSE-SU-2013:1255", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html", }, { name: "RHSA-2013:1451", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1451.html", }, { name: "RHSA-2014:1818", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1818.html", }, { name: "RHSA-2014:1821", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1821.html", }, { name: "SUSE-SU-2013:1305", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", }, { name: "ibm-java-cve20134002-dos(85260)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260", }, { name: "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", refsource: "MLIST", url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "http://www.ibm.com/support/docview.wss?uid=swg21648172", refsource: "CONFIRM", url: "http://www.ibm.com/support/docview.wss?uid=swg21648172", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21657539", }, { name: "https://issues.apache.org/jira/browse/XERCESJ-1679", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/XERCESJ-1679", }, { name: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250&r2=1499506&view=patch", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21653371", }, { name: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", refsource: "MISC", url: "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", }, { name: "http://support.apple.com/kb/HT5982", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT5982", }, { name: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", }, { name: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", refsource: "CONFIRM", url: "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002", }, { name: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", refsource: "CONFIRM", url: "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2013-4002", datePublished: "2013-07-23T10:00:00", dateReserved: "2013-06-07T00:00:00", dateUpdated: "2024-08-06T16:30:49.315Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-3544
Vulnerability from cvelistv5
Published
2011-10-19 21:00
Modified
2025-02-10 19:24
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:37:48.020Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:13947", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "HPSBMU02799", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { name: "48308", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48308", }, { name: "HPSBUX02730", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { name: "SUSE-SU-2012:0114", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", }, { name: "RHSA-2013:1455", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "SSRT100710", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { name: "RHSA-2011:1384", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1384.html", }, { name: "50218", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/50218", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", }, { name: "SSRT100867", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { name: "oracle-jre-scripting-unspecified(70849)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70849", }, { name: "1026215", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1026215", }, { name: "USN-1263-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1263-1", }, { name: "HPSBMU02797", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2011-3544", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T19:24:24.898601Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-3544", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T19:24:39.283Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-10-18T00:00:00.000Z", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-05T18:57:01.000Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "oval:org.mitre.oval:def:13947", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947", }, { name: "GLSA-201406-32", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "HPSBMU02799", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { name: "48308", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48308", }, { name: "HPSBUX02730", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { name: "SUSE-SU-2012:0114", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", }, { name: "RHSA-2013:1455", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "SSRT100710", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { name: "RHSA-2011:1384", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1384.html", }, { name: "50218", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/50218", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", }, { name: "SSRT100867", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { name: "oracle-jre-scripting-unspecified(70849)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70849", }, { name: "1026215", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1026215", }, { name: "USN-1263-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1263-1", }, { name: "HPSBMU02797", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/developerworks/java/jdk/alerts/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2011-3544", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:13947", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947", }, { name: "GLSA-201406-32", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { name: "HPSBMU02799", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { name: "48308", refsource: "SECUNIA", url: "http://secunia.com/advisories/48308", }, { name: "HPSBUX02730", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { name: "SUSE-SU-2012:0114", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", }, { name: "RHSA-2013:1455", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1455.html", }, { name: "SSRT100710", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=132750579901589&w=2", }, { name: "RHSA-2011:1384", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-1384.html", }, { name: "50218", refsource: "BID", url: "http://www.securityfocus.com/bid/50218", }, { name: "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", }, { name: "SSRT100867", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { name: "oracle-jre-scripting-unspecified(70849)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/70849", }, { name: "1026215", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1026215", }, { name: "USN-1263-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1263-1", }, { name: "HPSBMU02797", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { name: "http://www.ibm.com/developerworks/java/jdk/alerts/", refsource: "CONFIRM", url: "http://www.ibm.com/developerworks/java/jdk/alerts/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2011-3544", datePublished: "2011-10-19T21:00:00.000Z", dateReserved: "2011-09-16T00:00:00.000Z", dateUpdated: "2025-02-10T19:24:39.283Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }