CVE-2012-3174
published 2013-01-14

Priority: P274 · critical · 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploited in the wild (ITW): VulnCheck KEV
EPSS: 4.58% (90.4th percentile)

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.

Affected (4 ranges)

Vendor      Product        Version range   Fixed in
canonical   ubuntu_linux
opensuse    opensuse
oracle      jdk
oracle      jre

Detection & IOCs (extracted from sources)

  • CVE-2012-3174 involves incorrect permission checks in MethodHandles in Oracle Java 7 before Update 11 (Libraries, 8004933); details remain non-public but the fix is in the same OpenJDK commits as CVE-2013-0422
  • The fix for CVE-2012-3174 is contained in the same upstream OpenJDK7 commits as CVE-2013-0422; monitor for these changesets being absent on Java 7 < Update 11 deployments
  • CVE-2012-3174 is distinct from the recursive Reflection API issue (CVE-2013-0422); do not conflate the two when writing detection logic — CVE-2012-3174 details were not public as of 2013-01-14
  • Both CVE-2012-3174 and CVE-2013-0422 were patched together in IcedTea versions 2.1.4, 2.2.4, and 2.3.4; systems running older IcedTea 2.x branches remain exposed
  • CVE-2012-3174 technical details were intentionally withheld and remain unspecified; no concrete attack vector or exploit code is publicly attributed solely to this CVE
  • IBM Java SE packages (java-1.5.0-ibm, java-1.6.0-ibm) on RHEL 5 and 6 are listed as Not Affected for CVE-2012-3174
  • CVE-2012-3174 affects Oracle Java 7 before Update 11 only; Java 6 and older versions are not listed as affected

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v2.0      10.0    CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck                 10.0    CRITICAL
vendor_redhat             10.0    CRITICAL