CVE-2012-1682

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."

Details Source

Mitre

Public Date

2012-08-30 00:00:00

Impact

Critical

Bugzilla

CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Bugzilla ID

853097

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

External References

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2012:1466 | 2012-11-15 |
| Red Hat Satellite 5.4 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2013:1455 | 2013-10-23 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) | RHSA-2012:1289 | 2012-09-18 |
| Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2012:1222 | 2012-09-03 |
| Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2013:1455 | 2013-10-23 |
| Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) | RHSA-2012:1221 | 2012-09-03 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2012:1466 | 2012-11-15 |
| Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2012:1223 | 2012-09-03 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-oracle) | RHSA-2012:1225 | 2012-09-04 |
| Red Hat Satellite 5.5 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2013:1456 | 2013-10-23 |
| Red Hat Satellite 5.5 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2013:1456 | 2013-10-23 |

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 | java-1.6.0-sun | Not affected |
| Red Hat Enterprise Linux 5 | java-1.7.0-ibm | Affected |
| Red Hat Enterprise Linux 5 | java-1.6.0-sun | Not affected |
| Red Hat Enterprise Linux 5 | java-1.7.0-oracle | Affected |
| Red Hat Enterprise Linux 5 | java-1.7.0-openjdk | Affected |