CVE-2012-1682
published 2012-08-30CVE-2012-1682: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect…
PriorityP275critical10CVSS 2.0
AVNACLAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
5.40%
91.7th percentile
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | jdk | <= 1.7.0 | — |
| oracle | jdk | — | — |
| oracle | jre | <= 1.7.0 | — |
| oracle | jre | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2012-1682 is related to 'XMLDecoder security issue via ClassFinder' — monitor for Java applets or applications using XMLDecoder with ClassFinder to load restricted/privileged classes, which may indicate sandbox escape attempts. ↗
- →The vulnerability is in java.beans ClassFinder — detect exploitation attempts by monitoring for Java sandbox escapes that obtain references to restricted classes via the ClassFinder implementation. ↗
- →CVE-2012-1682 was one of the issues exploited by the Java 7 0day exploit published in August 2012 — treat any Java 7 Update 6 or earlier (and OpenJDK 6) deployments running untrusted applets as high-risk for active exploitation. ↗
- →Public exploit details were disclosed via Full Disclosure mailing list (Vuln 1 / Issue 11) — correlate with network traffic or endpoint logs for Java applet execution around August 2012 timeframe. ↗
- →CVE-2012-1682 affects OpenJDK 6 in addition to Java SE 7 Update 6 and earlier — ensure detection coverage includes OpenJDK 6 deployments, not just Oracle JDK 7. ↗
- ·java-1.6.0-sun (Oracle Java SE 6) is listed as NOT affected by CVE-2012-1682 on Red Hat Enterprise Linux 5 and 6 — scope detection to java-1.7.0-ibm, java-1.7.0-openjdk, java-1.7.0-oracle, and OpenJDK 6 packages. ↗
- ·Oracle has not officially confirmed the XMLDecoder/ClassFinder attack vector — the description is attributed to a downstream vendor claim only. ↗
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck10.0CRITICAL
vendor_redhat10.0CRITICAL
vendor_ubuntu10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
OpenJDK 6 vulnerabilities
vendor_ubuntu·2012-09-03·CVSS 10.0
CVE-2012-0547 [CRITICAL] OpenJDK 6 vulnerabilities
Title: OpenJDK 6 vulnerabilities
Summary: Two security issues were fixed in OpenJDK 6.
It was discovered that the Beans component in OpenJDK 6 did not
properly prevent access to restricted classes. A remote attacker could
use this to create an untrusted Java applet or application that would
bypass Java sandbox restrictions. (CVE-2012-1682)
It was discovered that functionality in the AWT component in OpenJDK 6
made it easier for a remote attacker, in conjunction with other
vulnerabilities, to bypass Java sandbox restrictions. (CVE-2012-0547)
Instructions: After a standard system update you need to restart any Java applets
or applications to make all the necessary changes.
Red Hat
OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
vendor_redhat·2012-08-30·CVSS 10.0
CVE-2012-1682 [CRITICAL] OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
Package: java-1.6.0-sun (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.7.0-ibm (Red Hat Enterprise Linux 5) - Affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 5) - Affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 5) - Affected
Package: java-1.6.0-sun (Red Hat
Red Hat
OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567)
vendor_redhat·2012-08-30·CVSS 10.0
CVE-2012-3136 [CRITICAL] OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567)
OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.
Package: java-1.6.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.6.0-sun (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.7.0-ibm (Red Hat Enterprise Linux 5) - Affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 5) - Affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 5) - Affected
Package: java-1.6.0-ibm
GHSA
GHSA-3cq6-v88g-8x73: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect c
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2012-1682 [CRITICAL] GHSA-3cq6-v88g-8x73: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect c
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
GHSA
GHSA-5jvp-8v86-8h9w: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect c
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2012-3136 [CRITICAL] GHSA-5jvp-8v86-8h9w: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect c
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.
VulnCheck
Oracle Java SE 7 Update 6 and earlier Java Runtime Environment (JRE) Vulnerability
vulncheck·2012·CVSS 10.0
CVE-2012-1682 [CRITICAL] Oracle Java SE 7 Update 6 and earlier Java Runtime Environment (JRE) Vulnerability
Oracle Java SE 7 Update 6 and earlier Java Runtime Environment (JRE) Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
Affected: Oracle jdk
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/adobe-flash-player-0-day-and-hackingteams-remote-control-system/64215
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
bugzilla·2012-08-30
CVE-2012-0547 [NONE] CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
Oracle Java SE 7 Update 7 and 6 Update 35 include a "security-in-depth" fix for the AWT component. This fix changes the component to remove functionality that can be used in exploits trying to bypass Java sandbox restrictions, such as the 0day exploit published in August 2012 (see bug 852051), which took advantage of SunToolkit.getField method to modify object's private field.
References:
https://blogs.oracle.com/security/entry/security_alert_for_cve_20121
http://www.oracle.com/technetwork/java/javase/6u35-relnotes-1835788.html
http://www.oracle.com/technetwork/java/javase/7u7-relnotes-1835816.html
External Reference:
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
Discussion:
Mitre descriptio
Bugzilla
CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
bugzilla·2012-08-30·CVSS 10.0
CVE-2012-1682 [CRITICAL] CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
A flaw was found in the java.beans ClassFinder implementation, which allowed Java code running in the Java sandbox to obtain a reference to a restricted class, possibly allowing it to bypass sandbox restrictions.
This flaw is one of the issues exploited by the Java 7 0day exploit published in August 2012, see bug 852051.
Reference:
http://seclists.org/fulldisclosure/2012/Aug/336 (Vuln 1 / Issue 11)
Discussion:
Public now via Oracle Java SE 7 Update 7:
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
https://blogs.oracle.com/security/entry/security_alert_for_cve_20121
http://www.oracle.com/technetwork/java/javase/7u7-relnotes-1835816.html
External Reference:
htt
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-09/msg00019.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.htmlhttp://marc.info/?l=bugtraq&m=135109152819176&w=2http://rhn.redhat.com/errata/RHSA-2012-1222.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1225.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1466.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1455.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1456.htmlhttp://secunia.com/advisories/51044http://secunia.com/advisories/51327http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.htmlhttp://www.ubuntu.com/usn/USN-1553-1http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-09/msg00019.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.htmlhttp://marc.info/?l=bugtraq&m=135109152819176&w=2http://rhn.redhat.com/errata/RHSA-2012-1222.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1225.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1466.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1455.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1456.htmlhttp://secunia.com/advisories/51044http://secunia.com/advisories/51327http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.htmlhttp://www.ubuntu.com/usn/USN-1553-1
2012-08-30
Published
Exploited in the wild