Vulnerabilities > CVE-2012-1720

CVSS 3.7 - LOW

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

high complexity

oracle

sun

nessus

NVD

Published: 2012-06-16

Updated: 2022-05-13

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle JRE 1.5.0 Oracle JRE 1.6.0 Oracle JRE 1.7.0 Oracle JDK 1.5.0 Oracle JDK 1.6.0 Oracle JDK 1.7.0	8
Application	Sun SUN JDK * SUN JDK - SUN JDK 1.1.0 SUN JDK 1.1.6 SUN JDK 1.1.7B SUN JDK 1.1.8 SUN JDK 1.2.0 SUN JDK 1.2.1 SUN JDK 1.2.2 SUN JDK 1.3.0 SUN JDK 1.3.0_01 SUN JDK 1.3.0_02 SUN JDK 1.3.0_03 SUN JDK 1.3.0_04 SUN JDK 1.3.0_05 SUN JDK 1.3.1 SUN JDK 1.3.1_01 SUN JDK 1.3.1_01A SUN JDK 1.3.1_02 SUN JDK 1.3.1_03 SUN JDK 1.3.1_04 SUN JDK 1.3.1_05 SUN JDK 1.3.1_06 SUN JDK 1.3.1_07 SUN JDK 1.3.1_08 SUN JDK 1.3.1_09 SUN JDK 1.3.1_10 SUN JDK 1.3.1_11 SUN JDK 1.3.1_12 SUN JDK 1.3.1_13 SUN JDK 1.3.1_14 SUN JDK 1.3.1_15 SUN JDK 1.3.1_16 SUN JDK 1.3.1_17 SUN JDK 1.3.1_18 SUN JDK 1.3.1_19 SUN JDK 1.3.1_20 SUN JDK 1.3.1_21 SUN JDK 1.3.1_22 SUN JDK 1.3.1_23 SUN JDK 1.3.1_24 SUN JDK 1.3.1_25 SUN JDK 1.3.1_26 SUN JDK 1.3.1_27 SUN JDK 1.3.1_28 SUN JDK 1.4.0 SUN JDK 1.4.1 SUN JDK 1.4.2 SUN JDK 1.4.2_1 SUN JDK 1.4.2_2 SUN JDK 1.4.2_3 SUN JDK 1.4.2_4 SUN JDK 1.4.2_5 SUN JDK 1.4.2_6 SUN JDK 1.4.2_7 SUN JDK 1.4.2_8 SUN JDK 1.4.2_9 SUN JDK 1.4.2_10 SUN JDK 1.4.2_11 SUN JDK 1.4.2_12 SUN JDK 1.4.2_13 SUN JDK 1.4.2_14 SUN JDK 1.4.2_15 SUN JDK 1.4.2_16 SUN JDK 1.4.2_17 SUN JDK 1.4.2_18 SUN JDK 1.4.2_19 SUN JDK 1.4.2_22 SUN JDK 1.4.2_23 SUN JDK 1.4.2_24 SUN JDK 1.4.2_25 SUN JDK 1.4.2_26 SUN JDK 1.4.2_27 SUN JDK 1.4.2_28 SUN JDK 1.4.2_29 SUN JDK 1.4.2_30 SUN JDK 1.4.2_31 SUN JDK 1.4.2_32 SUN JDK 1.4.2_33 SUN JDK 1.4.2_34 SUN JDK 1.4.2_35 SUN JDK 1.4.2_36 SUN JDK 1.4.2_37 SUN JRE * SUN JRE - SUN JRE 1.1.7 SUN JRE 1.1.8 SUN JRE 1.2.2 SUN JRE 1.3.0 SUN JRE 1.3.1 SUN JRE 1.3.1_2 SUN JRE 1.3.1_03 SUN JRE 1.3.1_04 SUN JRE 1.3.1_05 SUN JRE 1.3.1_06 SUN JRE 1.3.1_07 SUN JRE 1.3.1_08 SUN JRE 1.3.1_09 SUN JRE 1.3.1_10 SUN JRE 1.3.1_11 SUN JRE 1.3.1_12 SUN JRE 1.3.1_13 SUN JRE 1.3.1_14 SUN JRE 1.3.1_15 SUN JRE 1.3.1_16 SUN JRE 1.3.1_17 SUN JRE 1.3.1_18 SUN JRE 1.3.1_19 SUN JRE 1.3.1_20 SUN JRE 1.3.1_21 SUN JRE 1.3.1_22 SUN JRE 1.3.1_23 SUN JRE 1.3.1_24 SUN JRE 1.3.1_25 SUN JRE 1.3.1_26 SUN JRE 1.3.1_27 SUN JRE 1.3.1_28 SUN JRE 1.4.0 SUN JRE 1.4.0_01 SUN JRE 1.4.0_02 SUN JRE 1.4.0_03 SUN JRE 1.4.0_04 SUN JRE 1.4.1 SUN JRE 1.4.1_02 SUN JRE 1.4.1_03 SUN JRE 1.4.1_04 SUN JRE 1.4.1_05 SUN JRE 1.4.1_06 SUN JRE 1.4.1_07 SUN JRE 1.4.2 SUN JRE 1.4.2_01 SUN JRE 1.4.2_1 SUN JRE 1.4.2_02 SUN JRE 1.4.2_2 SUN JRE 1.4.2_03 SUN JRE 1.4.2_3 SUN JRE 1.4.2_04 SUN JRE 1.4.2_4 SUN JRE 1.4.2_05 SUN JRE 1.4.2_5 SUN JRE 1.4.2_06 SUN JRE 1.4.2_6 SUN JRE 1.4.2_07 SUN JRE 1.4.2_7 SUN JRE 1.4.2_08 SUN JRE 1.4.2_8 SUN JRE 1.4.2_09 SUN JRE 1.4.2_9 SUN JRE 1.4.2_10 SUN JRE 1.4.2_11 SUN JRE 1.4.2_12 SUN JRE 1.4.2_13 SUN JRE 1.4.2_14 SUN JRE 1.4.2_15 SUN JRE 1.4.2_16 SUN JRE 1.4.2_17 SUN JRE 1.4.2_18 SUN JRE 1.4.2_19 SUN JRE 1.4.2_20 SUN JRE 1.4.2_21 SUN JRE 1.4.2_22 SUN JRE 1.4.2_23 SUN JRE 1.4.2_24 SUN JRE 1.4.2_25 SUN JRE 1.4.2_26 SUN JRE 1.4.2_27 SUN JRE 1.4.2_28 SUN JRE 1.4.2_29 SUN JRE 1.4.2_30 SUN JRE 1.4.2_31 SUN JRE 1.4.2_32 SUN JRE 1.4.2_33 SUN JRE 1.4.2_34 SUN JRE 1.4.2_35 SUN JRE 1.4.2_36 SUN JRE 1.4.2_37	246

Nessus

NASL family	Windows
NASL id	ORACLE_JAVA_CPU_JUN_2012.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 5 / 6 Update 33 / 5.0 Update 36 / 1.4.2_38 and is, therefore, potentially affected by security issues in the following components : - 2D - Deployment - Hotspot - Swing - CORBA - Libraries - JAXP - Security - Networking - Java Runtime Environment
last seen	2020-06-01
modified	2020-06-02
plugin id	59462
published	2012-06-13
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/59462
title	Oracle Java SE Multiple Vulnerabilities (June 2012 CPU)
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(59462); script_version("1.19"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id( "CVE-2012-0551", "CVE-2012-1711", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1720", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1723", "CVE-2012-1724", "CVE-2012-1725", "CVE-2012-1726" ); script_bugtraq_id( 53946, 53947, 53948, 53949, 53950, 53951, 53952, 53953, 53954, 53956, 53958, 53959, 53960 ); script_name(english:"Oracle Java SE Multiple Vulnerabilities (June 2012 CPU)"); script_summary(english:"Checks version of the JRE"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a programming platform that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 5 / 6 Update 33 / 5.0 Update 36 / 1.4.2_38 and is, therefore, potentially affected by security issues in the following components : - 2D - Deployment - Hotspot - Swing - CORBA - Libraries - JAXP - Security - Networking - Java Runtime Environment"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-142/"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/523937/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"http://schierlm.users.sourceforge.net/CVE-2012-1723.html"); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a7ee4d1d"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/7u5-relnotes-1653274.html"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/java/javase/6u33-relnotes-1653258.html"); script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/eol-135779.html"); script_set_attribute(attribute:"solution", value: "Update to JDK / JRE 7 Update 5 / 6 Update 33, JDK 5.0 Update 36, SDK 1.4.2_38 or later, and remove, if necessary, any affected versions. Note that an Extended Support contract with Oracle is needed to obtain JDK 5.0 Update 36 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/12"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); # Check each installed JRE. installs = get_kb_list_or_exit("SMB/Java/JRE/*"); info = ""; vuln = 0; installed_versions = ""; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; if ( ver =~ '^1\\.7\\.0_0[0-4]([^0-9]\|$)' \|\| ver =~ '^1\\.6\\.0_([0-9]\|[0-2][0-9]\|3[0-2])([^0-9]\|$)' \|\| ver =~ '^1\\.5\\.0_([0-9]\|[0-2][0-9]\|3[0-5])([^0-9]\|$)' \|\| ver =~ '^1\\.4\\.([01]_\|2_([0-9]\|[0-2][0-9]\|3[0-7])([^0-9]\|$))' ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.7.0_05 / 1.6.0_33 / 1.5.0_36 / 1.4.2_38\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else { installed_versions = substr(installed_versions, 3); if (" & " >< installed_versions) exit(0, "The Java "+installed_versions+" installs on the remote host are not affected."); else exit(0, "The Java "+installed_versions+" install on the remote host is not affected."); }

NASL family	Misc.
NASL id	ORACLE_JAVA_CPU_JUN_2012_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 5 / 6 Update 33 / 5.0 Update 36 / 1.4.2_38 and is, therefore, potentially affected by security issues in the following components : - 2D - Deployment - Hotspot - Swing - CORBA - Libraries - JAXP - Security - Networking - Java Runtime Environment
last seen	2020-06-01
modified	2020-06-02
plugin id	64848
published	2013-02-22
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64848
title	Oracle Java SE Multiple Vulnerabilities (June 2012 CPU) (Unix)

NASL family	Misc.
NASL id	VMWARE_VCENTER_VMSA-2012-0013.NASL
description	The version of VMware vCenter installed on the remote host is 4.0 earlier than Update 4a, 4.1 earlier than Update 3, or 5.0 earlier than Update 2. As such, it is potentially affected by multiple vulnerabilities in the included Oracle (Sun) Java Runtime Environment.
last seen	2020-06-01
modified	2020-06-02
plugin id	66806
published	2013-06-05
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/66806
title	VMware vCenter Multiple Vulnerabilities (VMSA-2012-0013)

NASL family	Windows
NASL id	VMWARE_VCENTER_UPDATE_MGR_VMSA-2012-0013.NASL
description	The version of VMware vCenter Update Manager installed on the remote Windows host is 4.0 earlier than Update 4a, or 4.1 earlier than Update 3. Such versions use a version of the Oracle JRE 1.5 that is affected by multiple vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	66909
published	2013-06-17
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66909
title	VMware vCenter Update Manager Multiple Vulnerabilities (VMSA-2012-0013)

Oval

accepted

2015-03-23T04:00:54.197-04:00

class

vulnerability

contributors

name Sergey Artykhov
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Java SE Runtime Environment 4 is installed
oval oval:org.mitre.oval:def:16482
comment Java SE Runtime Environment 5 is installed
oval oval:org.mitre.oval:def:15748
comment Java SE Runtime Environment 6 is installed
oval oval:org.mitre.oval:def:16362
comment Java SE Runtime Environment 7 is installed
oval oval:org.mitre.oval:def:16050

description

family

windows

oval:org.mitre.oval:def:16581

status

accepted

submitted

2013-04-22T10:26:26.748+04:00

title

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.

version

Vulnerabilities > CVE-2012-1720 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2012-1720"}]}

Summary

Vulnerable Configurations

Nessus

Oval

References

Vulnerabilities > CVE-2012-1720