Oracle Security Alert for CVE-2012-4681 - BETA ORACLE CVRF
Oracle Security Alert
CVE-2012-4681
Final
1.0
1.0
2012-08-31T13:00:00-07:00
Initial Distribution
2012-08-31T13:00:00-07:00
2012-08-31T13:00:00-07:00
This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document.
This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1836459.xml
https://www.oracle.com/security-alerts/alert-cve-2012-4681.html
URL to html version of Advisory
Adam Gowdiak
Security Explorations
James Forshaw
TippingPoint's Zero Day Initiative
Sun Java Version 6 Update 34 and before
Sun Java Version 7 Update 6 and before
CVE-2012-0547
Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are 7 Update 6 and before and 6 Update 34 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized NOT IMPLEMENTED. Note: CVE-2012-0547 represents a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. CVSS Base Score 0.0 (). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N). Oracle Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N).
Fix has been released
CVE-2012-0547
P-856V-7 Update 6 and before
P-856V-6 Update 34 and before
0.0
AV:N/AC:L/Au:N/C:N/I:N/A:N
CVE-2012-4681
Oracle customers with valid support contracts
https://www.oracle.com/security-alerts/alert-cve-2012-4681.html
P-856V-7 Update 6 and before
P-856V-6 Update 34 and before
CVE-2012-1682
Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Beans). Supported versions that are affected are 7 Update 6 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.). CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
Fix has been released
CVE-2012-1682
P-856V-7 Update 6 and before
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2012-4681
Oracle customers with valid support contracts
https://www.oracle.com/security-alerts/alert-cve-2012-4681.html
P-856V-7 Update 6 and before
CVE-2012-3136
Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Beans). Supported versions that are affected are 7 Update 6 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.). CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
Fix has been released
CVE-2012-3136
P-856V-7 Update 6 and before
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2012-4681
Oracle customers with valid support contracts
https://www.oracle.com/security-alerts/alert-cve-2012-4681.html
P-856V-7 Update 6 and before
CVE-2012-4681
Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Beans). Supported versions that are affected are 7 Update 6 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.). CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
Fix has been released
CVE-2012-4681
P-856V-7 Update 6 and before
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2012-4681
Oracle customers with valid support contracts
https://www.oracle.com/security-alerts/alert-cve-2012-4681.html
P-856V-7 Update 6 and before