CVE-2012-1682Oracle JDK vulnerability

10 documents6 sources
Severity
10.0CRITICALNVD
EPSS
2.9%
top 13.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle JDKOracle JRE
Timeline
PublishedAug 30
Latest updateMay 17

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDoracle/jdk1.7.0+1
NVDoracle/jre1.7.0+1

🔴Vulnerability Details

3
GHSA
GHSA-3cq6-v88g-8x73: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect c2022-05-17
GHSA
GHSA-5jvp-8v86-8h9w: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect c2022-05-17
VulnCheck
Oracle Java SE 7 Update 6 and earlier Java Runtime Environment (JRE) Vulnerability2012

📋Vendor Advisories

3
Ubuntu
OpenJDK 6 vulnerabilities2012-09-03
Red Hat
OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)2012-08-30
Red Hat
OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567)2012-08-30

💬Community

2
Bugzilla
CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)2012-08-30
Bugzilla
CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)2012-08-30
CVE-2012-1682 — Oracle JDK vulnerability | cvebase