CVE-2012-1682
published 2012-08-30


Priority: P2, 75
CVSS 2.0: 10.0 critical (AV:N/AC:L/Au:N/C:C/I:C/A:C)
In the wild: yes (VulnCheck KEV; exploited in the wild)
EPSS: 5.40% (91.7th percentile)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."

Affected (4 ranges)

Vendor   Product   Version range   Fixed in
oracle   jdk       <= 1.7.0
oracle   jdk
oracle   jre       <= 1.7.0
oracle   jre

The range field records only the major version and lists no fixed build; the description above narrows the affected set to Java SE 7 Update 6 and earlier.

Detection & IOCs (extracted from sources)

  • CVE-2012-1682 is related to 'XMLDecoder security issue via ClassFinder' — monitor for Java applets or applications using XMLDecoder with ClassFinder to load restricted/privileged classes, which may indicate sandbox escape attempts.
  • The vulnerability is in java.beans ClassFinder — detect exploitation attempts by monitoring for Java sandbox escapes that obtain references to restricted classes via the ClassFinder implementation.
  • CVE-2012-1682 was one of the issues exploited by the Java 7 0day exploit published in August 2012 — treat any Java 7 Update 6 or earlier (and OpenJDK 6) deployments running untrusted applets as high-risk for active exploitation.
  • Public exploit details were disclosed via Full Disclosure mailing list (Vuln 1 / Issue 11) — correlate with network traffic or endpoint logs for Java applet execution around August 2012 timeframe.
  • CVE-2012-1682 affects OpenJDK 6 in addition to Java SE 7 Update 6 and earlier — ensure detection coverage includes OpenJDK 6 deployments, not just Oracle JDK 7.
  • java-1.6.0-sun (Oracle Java SE 6) is listed as NOT affected by CVE-2012-1682 on Red Hat Enterprise Linux 5 and 6 — scope detection to java-1.7.0-ibm, java-1.7.0-openjdk, java-1.7.0-oracle, and OpenJDK 6 packages.
  • Oracle has not officially confirmed the XMLDecoder/ClassFinder attack vector — the description is attributed to a downstream vendor claim only.
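The scoping rules in the list above can be turned into a host triage check. The script below is an added example, not code from this page or from any vendor advisory: it applies the stated scope (Oracle Java SE 7 Update 6 and earlier affected; java-1.7.0-ibm, java-1.7.0-openjdk, java-1.7.0-oracle and OpenJDK 6 in detection scope; java-1.6.0-sun not affected) to `java -version` banners and installed RPM names. Oracle 7 builds are compared against the Update 6 threshold; OpenJDK and IBM builds are flagged for review rather than cleared, because distribution and vendor builds are fixed by package version and carry their own update numbering, so the banner alone cannot clear them. The banners, hostnames and package names are constructed sample data, and the package-name patterns assume Red Hat style names and Oracle's `jdk-1.7.0_NN` RPM naming.

```python
import re

# Scope as stated on this page: Oracle Java SE 7 Update 6 and earlier is affected;
# the java-1.7.0-{ibm,openjdk,oracle} and OpenJDK 6 packages are in detection scope;
# java-1.6.0-sun (Oracle Java SE 6) is listed as not affected.
LAST_AFFECTED_ORACLE7_UPDATE = 6
IN_SCOPE_PACKAGES = {"java-1.7.0-ibm", "java-1.7.0-openjdk",
                     "java-1.7.0-oracle", "java-1.6.0-openjdk"}
NOT_AFFECTED_PACKAGES = {"java-1.6.0-sun"}

# First line of `java -version`: java version "1.7.0_06" (suffixes such as -icedtea are ignored)
BANNER_RE = re.compile(r'java version "(?P<major>\d+\.\d+\.\d+)(?:_(?P<update>\d+))?')
# Red Hat style package names (assumed): java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6.x86_64
DISTRO_RPM_RE = re.compile(r"^(java-1\.[67]\.0-(?:ibm|openjdk|oracle|sun))")
# Oracle's own RPM naming (assumed): jdk-1.7.0_06-fcs.x86_64 / jre-1.7.0_06-fcs.i586
ORACLE_RPM_RE = re.compile(r"^(?:jdk|jre)-1\.7\.0_(\d+)")


def parse_banner(banner):
    """Return (major, update, vendor) from `java -version` output, or None if no banner."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    update = int(m.group("update")) if m.group("update") else 0
    if "OpenJDK" in banner:
        vendor = "openjdk"
    elif "IBM" in banner:          # IBM builds print an "IBM J9 VM" line
        vendor = "ibm"
    else:
        vendor = "oracle"          # Oracle/Sun builds print "Java(TM) SE Runtime Environment"
    return m.group("major"), update, vendor


def classify_runtime(banner):
    """Map one host's banner to: affected, not-affected, review or unknown."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"
    major, update, vendor = parsed
    if vendor != "oracle":
        # Distro and IBM builds are fixed by package version, not by the upstream
        # update number, so the banner cannot clear them; check the package instead.
        return "review" if major in ("1.6.0", "1.7.0") else "not-affected"
    if major == "1.7.0":
        return "affected" if update <= LAST_AFFECTED_ORACLE7_UPDATE else "not-affected"
    return "not-affected"          # Oracle Java SE 6 is listed as not affected


def classify_package(nvr):
    """Map an installed RPM name to: affected, review, not-affected or other."""
    m = ORACLE_RPM_RE.match(nvr)
    if m is not None:
        return "affected" if int(m.group(1)) <= LAST_AFFECTED_ORACLE7_UPDATE else "not-affected"
    m = DISTRO_RPM_RE.match(nvr)
    if m is None:
        return "other"
    if m.group(1) in IN_SCOPE_PACKAGES:
        return "review"            # in scope; compare against the distro advisory's fixed NVR
    if m.group(1) in NOT_AFFECTED_PACKAGES:
        return "not-affected"
    return "other"


def triage(inventory):
    """inventory: {host: (banner, [rpm names])} -> {host: (runtime status, flagged packages)}"""
    report = {}
    for host, (banner, packages) in inventory.items():
        flagged = sorted(p for p in packages if classify_package(p) in ("affected", "review"))
        report[host] = (classify_runtime(banner), flagged)
    return report


# Constructed sample inventory (hostnames, banners and package names are made up)
SAMPLE_INVENTORY = {
    "web01": ('java version "1.7.0_06"\nJava(TM) SE Runtime Environment (build 1.7.0_06-b24)\n'
              'Java HotSpot(TM) 64-Bit Server VM (build 23.2-b09, mixed mode)',
              ["jdk-1.7.0_06-fcs.x86_64"]),
    "web02": ('java version "1.7.0_07"\nJava(TM) SE Runtime Environment (build 1.7.0_07-b10)',
              ["jdk-1.7.0_07-fcs.x86_64"]),
    "app01": ('java version "1.7.0_05-icedtea"\nOpenJDK Runtime Environment (rhel-2.2.1.el6-x86_64)',
              ["java-1.7.0-openjdk-1.7.0.5-2.2.1.el6.x86_64",
               "java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6.x86_64"]),
    "db01":  ('java version "1.6.0_33"\nJava(TM) SE Runtime Environment (build 1.6.0_33-b03)',
              ["java-1.6.0-sun-1.6.0.33-1jpp.1.el6.x86_64", "openssl-1.0.0-20.el6.x86_64"]),
    "bat01": ("bash: java: command not found", []),
}

if __name__ == "__main__":
    for host, (status, pkgs) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:6} {status:13} {' '.join(pkgs) or '-'}")
```

Feed it the first lines of `java -version` and an `rpm -qa` listing per host; a "review" result means the build is in the page's scope and must be compared against the distribution's fixed package version, not dismissed because its banner shows a low update number.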

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             2.0       10.0    CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck                 10.0    CRITICAL
vendor_redhat             10.0    CRITICAL
vendor_ubuntu             10.0    CRITICAL