Vulnerabilities > CVE-2012-1720
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
Vulnerable Configurations
Nessus
NASL family Windows NASL id ORACLE_JAVA_CPU_JUN_2012.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 5 / 6 Update 33 / 5.0 Update 36 / 1.4.2_38 and is, therefore, potentially affected by security issues in the following components : - 2D - Deployment - Hotspot - Swing - CORBA - Libraries - JAXP - Security - Networking - Java Runtime Environment last seen 2020-06-01 modified 2020-06-02 plugin id 59462 published 2012-06-13 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59462 title Oracle Java SE Multiple Vulnerabilities (June 2012 CPU) code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: version-based check for the Oracle Java SE June 2012 CPU on Windows.
# The script reads JRE version strings and install paths from the knowledge
# base (keys under SMB/Java/JRE/, which it requires via
# sun_java_jre_installed.nasl) and reports every install whose version is
# below 1.7.0_05 / 1.6.0_33 / 1.5.0_36 / 1.4.2_38. Nothing in the visible code
# tests for any individual flaw; a finding means "unpatched JRE present".

include('compat.inc');

# Metadata block: executed when the scanner loads the plugin description,
# then exits before any check logic runs.
if (description)
{
  script_id(59462);
  script_version("1.19");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  # The plugin covers the whole CPU, so one finding maps to all of these CVEs.
  # NOTE(review): CVE-2012-1720 is listed here, but its summary restricts it to
  # Solaris and local users, while this plugin is in the Windows family. Treat
  # a hit as evidence of a missing update, not of exposure to each listed CVE.
  script_cve_id(
    "CVE-2012-0551",
    "CVE-2012-1711",
    "CVE-2012-1713",
    "CVE-2012-1716",
    "CVE-2012-1717",
    "CVE-2012-1718",
    "CVE-2012-1719",
    "CVE-2012-1720",
    "CVE-2012-1721",
    "CVE-2012-1722",
    "CVE-2012-1723",
    "CVE-2012-1724",
    "CVE-2012-1725",
    "CVE-2012-1726"
  );
  script_bugtraq_id(
    53946,
    53947,
    53948,
    53949,
    53950,
    53951,
    53952,
    53953,
    53954,
    53956,
    53958,
    53959,
    53960
  );

  script_name(english:"Oracle Java SE Multiple Vulnerabilities (June 2012 CPU)");
  script_summary(english:"Checks version of the JRE");

  script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a programming platform that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
    "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 5 / 6 Update 33 / 5.0 Update 36 / 1.4.2_38 and is, therefore, potentially affected by security issues in the following components : - 2D - Deployment - Hotspot - Swing - CORBA - Libraries - JAXP - Security - Networking - Java Runtime Environment");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-142/");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/523937/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"http://schierlm.users.sourceforge.net/CVE-2012-1723.html");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a7ee4d1d");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/7u5-relnotes-1653274.html");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u33-relnotes-1653258.html");
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html");
  script_set_attribute(attribute:"solution", value:
    "Update to JDK / JRE 7 Update 5 / 6 Update 33, JDK 5.0 Update 36, SDK 1.4.2_38 or later, and remove, if necessary, any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK 5.0 Update 36 or later.");

  # One severity vector is set for the whole plugin (network, low complexity,
  # complete impact). It does not match the per-CVE metrics for CVE-2012-1720
  # (local, high complexity, partial impact), so triage individual CVEs from
  # their own scores and platform conditions rather than from this vector.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");

  # Exploit-maturity flags are likewise plugin-wide.
  # NOTE(review): the Metasploit module name and the CVE-2012-1723 reference
  # above suggest these flags come from another CVE in the bundle; confirm
  # before using them to prioritise CVE-2012-1720.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/13");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  # The check depends entirely on what the JRE inventory plugin stored in the
  # knowledge base; if that plugin found nothing, this one does not run.
  script_dependencies("sun_java_jre_installed.nasl");
  script_require_keys("SMB/Java/JRE/Installed");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

# Check each installed JRE.
installs = get_kb_list_or_exit("SMB/Java/JRE/*");

info = "";                # report text, one stanza per vulnerable version
vuln = 0;                 # number of vulnerable install paths found
installed_versions = "";  # " & "-separated list of every version seen

foreach install (list_uniq(keys(installs)))
{
  # Strip the key prefix so only the version part of the KB key remains.
  ver = install - "SMB/Java/JRE/";

  # Skip keys under the same prefix that are not versions (the required
  # "SMB/Java/JRE/Installed" key matches the wildcard above, for instance).
  if (ver !~ "^[0-9.]+") continue;

  installed_versions = installed_versions + " & " + ver;

  # Affected ranges: 1.7.0_00-04, 1.6.0_0-32, 1.5.0_0-35, any 1.4.0_ / 1.4.1_
  # build, and 1.4.2_0-37. The trailing ([^0-9]|$) stops a longer update number
  # from matching on its first digits.
  # NOTE(review): every pattern requires an underscore update suffix, so a
  # version string recorded without one is never flagged; confirm how
  # sun_java_jre_installed.nasl records such installs.
  if (
    ver =~ '^1\\.7\\.0_0[0-4]([^0-9]|$)' ||
    ver =~ '^1\\.6\\.0_([0-9]|[0-2][0-9]|3[0-2])([^0-9]|$)' ||
    ver =~ '^1\\.5\\.0_([0-9]|[0-2][0-9]|3[0-5])([^0-9]|$)' ||
    ver =~ '^1\\.4\\.([01]_|2_([0-9]|[0-2][0-9]|3[0-7])([^0-9]|$))'
  )
  {
    # The KB value(s) stored under this key are the install paths.
    dirs = make_list(get_kb_list(install));
    vuln += max_index(dirs);

    foreach dir (dirs)
      info += '\n Path : ' + dir;

    info += '\n Installed version : ' + ver;
    info += '\n Fixed version : 1.7.0_05 / 1.6.0_33 / 1.5.0_36 / 1.4.2_38\n';
  }
}

# Report if any were found to be vulnerable.
if (info)
{
  # Findings are attached to the SMB port recorded in the KB, or 445 if none.
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    # Singular or plural wording, depending on how many paths were counted.
    if (vuln > 1) s = "s of Java are";
    else s = " of Java is";

    report =
      '\n' +
      'The following vulnerable instance'+s+' installed on the\n' +
      'remote host :\n' +
      info;
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else
{
  # Drop the leading " & " separator added in front of the first version.
  installed_versions = substr(installed_versions, 3);

  # A remaining separator means more than one install was seen.
  if (" & " >< installed_versions)
    exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
  else
    exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
}
NASL family Misc. NASL id ORACLE_JAVA_CPU_JUN_2012_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 5 / 6 Update 33 / 5.0 Update 36 / 1.4.2_38 and is, therefore, potentially affected by security issues in the following components : - 2D - Deployment - Hotspot - Swing - CORBA - Libraries - JAXP - Security - Networking - Java Runtime Environment last seen 2020-06-01 modified 2020-06-02 plugin id 64848 published 2013-02-22 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64848 title Oracle Java SE Multiple Vulnerabilities (June 2012 CPU) (Unix)

NASL family Misc. NASL id VMWARE_VCENTER_VMSA-2012-0013.NASL description The version of VMware vCenter installed on the remote host is 4.0 earlier than Update 4a, 4.1 earlier than Update 3, or 5.0 earlier than Update 2. As such, it is potentially affected by multiple vulnerabilities in the included Oracle (Sun) Java Runtime Environment. last seen 2020-06-01 modified 2020-06-02 plugin id 66806 published 2013-06-05 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66806 title VMware vCenter Multiple Vulnerabilities (VMSA-2012-0013)

NASL family Windows NASL id VMWARE_VCENTER_UPDATE_MGR_VMSA-2012-0013.NASL description The version of VMware vCenter Update Manager installed on the remote Windows host is 4.0 earlier than Update 4a, or 4.1 earlier than Update 3. Such versions use a version of the Oracle JRE 1.5 that is affected by multiple vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 66909 published 2013-06-17 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66909 title VMware vCenter Update Manager Multiple Vulnerabilities (VMSA-2012-0013)
Oval
| accepted | 2015-03-23T04:00:54.197-04:00 |
| class | vulnerability |
| contributors | |
| definition_extensions | |
| description | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. |
| family | windows |
| id | oval:org.mitre.oval:def:16581 |
| status | accepted |
| submitted | 2013-04-22T10:26:26.748+04:00 |
| title | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. |
| version | 9 |
References
- http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
- http://marc.info/?l=bugtraq&m=134496371727681&w=2
- http://www.ibm.com/support/docview.wss?uid=swg21615246
- http://secunia.com/advisories/51080
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.securityfocus.com/bid/53956
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16581