Vulnerabilities > CVE-2012-4681

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

oracle

redhat

nessus

exploit available

metasploit

NVD

Published: 2012-08-28

Updated: 2022-12-21

Summary

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle JDK 1.7.0 Oracle JDK 1.6.0 Oracle JRE 1.7.0 Oracle JRE 1.6.0	81
OS	Redhat Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux EUS 6.3	4

Exploit-Db

description	Java 7 Applet Remote Code Execution. CVE-2012-0547,CVE-2012-3539,CVE-2012-4681. Remote exploit for java platform
id	EDB-ID:20865
last seen	2016-02-02
modified	2012-08-27
published	2012-08-27
reporter	metasploit
source	https://www.exploit-db.com/download/20865/
title	Java 7 Applet Remote Code Execution

Metasploit

description	The exploit takes advantage of two issues in JDK 7: The ClassFinder and MethodFinder.findMethod(). Both were newly introduced in JDK 7. ClassFinder is a replacement for classForName back in JDK 6. It allows untrusted code to obtain a reference and have access to a restricted package in JDK 7, which can be used to abuse sun.awt.SunToolkit (a restricted package). With sun.awt.SunToolkit, we can actually invoke getField() by abusing findMethod() in Statement.invokeInternal() (but getField() must be public, and that's not always the case in JDK 6) in order to access Statement.acc's private field, modify AccessControlContext, and then disable Security Manager. Once Security Manager is disabled, we can execute arbitrary Java code. Our exploit has been tested successfully against multiple platforms, including: IE, Firefox, Safari, Chrome; Windows, Ubuntu, OS X, Solaris, etc.
id	MSF:EXPLOIT/MULTI/BROWSER/JAVA_JRE17_EXEC
last seen	2020-05-15
modified	2020-02-18
published	2012-08-27
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681 http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/ http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html https://blog.rapid7.com/2012/08/27/lets-start-the-week-with-a-new-java-0day https://bugzilla.redhat.com/show_bug.cgi?id=852051
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/java_jre17_exec.rb
title	Java 7 Applet Remote Code Execution

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-13131.NASL
description	This update is fixing recent important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. (CVE-2012-4681) http://blog.fuseyism.com/index.php/2012/08/31/security-icedtea6-1-10-9 -1-11-4-icedtea-2-3-2-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-09-04
plugin id	61760
published	2012-09-04
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61760
title	Fedora 17 : java-1.7.0-openjdk-1.7.0.6-2.3.1.fc17.2 (2012-13131)

NASL family	Windows
NASL id	ORACLE_JAVA6_UPDATE35.NASL
description	The version of Oracle (formerly Sun) Java Runtime Environment (JRE) 6.x installed on the remote host is earlier than Update 35. It, therefore, potentially contains two methods that do not properly restrict access to information about other classes. Specifically, the
last seen	2020-06-01
modified	2020-06-02
plugin id	61746
published	2012-08-31
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/61746
title	Oracle Java JDK / JRE 6 < Update 35 SunToolKit getField() and getMethod() Access Issue

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1223.NASL
description	Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	61769
published	2012-09-04
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61769
title	RHEL 6 : java-1.7.0-openjdk (RHSA-2012:1223)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1289.NASL
description	Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-0547, CVE-2012-0551, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-1726, CVE-2012-3136, CVE-2012-4681) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR2 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	62196
published	2012-09-19
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62196
title	RHEL 6 : java-1.7.0-ibm (RHSA-2012:1289)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20120904_JAVA_1_6_0_SUN_ON_SL5_X.NASL
description	These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user
last seen	2020-03-18
modified	2012-09-13
plugin id	62071
published	2012-09-13
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62071
title	Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (20120904)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_JAVA_10_6_UPDATE10.NASL
description	The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 10, which updates the Java version to 1.6.0_35. As such, it potentially contains two methods that do not properly restrict access to information about other classes. Specifically, the
last seen	2020-06-01
modified	2020-06-02
plugin id	61997
published	2012-09-06
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61997
title	Mac OS X : Java for Mac OS X 10.6 Update 10

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-1223.NASL
description	From Red Hat Security Advisory 2012:1223 : Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	68611
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68611
title	Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2012-1223)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20120903_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
description	These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2012-09-05
plugin id	61786
published	2012-09-05
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61786
title	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20120903)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_6_0-OPENJDK-121023.NASL
description	java-openjdk was upgraded to version 1.11.5 to fix various security and non-security issues.
last seen	2020-06-05
modified	2013-01-25
plugin id	64169
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64169
title	SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_16846D1EF1DE11E18BD80022156E8794.NASL
description	US-CERT reports : Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions. By leveraging the public, privileged getField() function, an untrusted Java applet can escalate its privileges by calling the setSecurityManager() function to allow full privileges, without requiring code signing. This vulnerability is being actively exploited in the wild, and exploit code is publicly available. This exploit does not only affect Java applets, but every piece of software that relies on the Java Security Manager for sandboxing executable code is affected: malicious code can totally disable Security Manager.
last seen	2020-06-01
modified	2020-06-02
plugin id	61740
published	2012-08-31
reporter	This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61740
title	FreeBSD : Java 1.7 -- security manager bypass (16846d1e-f1de-11e1-8bd8-0022156e8794)

NASL family	Misc.
NASL id	ORACLE_JAVA7_UPDATE6_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 7 and is, therefore, potentially affected the following vulnerabilities : - The
last seen	2020-06-01
modified	2020-06-02
plugin id	64841
published	2013-02-22
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64841
title	Oracle Java SE 7 < Update 7 Multiple Vulnerabilities (Unix)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2012-150.NASL
description	Multiple security issues were identified and fixed in OpenJDK (icedtea6) : Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities (CVE-2012-0547). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136 (CVE-2012-1682). The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	62444
published	2012-10-06
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62444
title	Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:150-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-592.NASL
description	Java-1_7_0-openjdk was updated to fix a remote exploit (CVE-2012-4681). Also bugfixes were done : - fix build on ARM and i586 - remove files that are no longer used - zero build can be enabled using rpmbuild (osc build) --with zero - add hotspot 2.1 needed for zero - fix filelist on %(ix86) - Security fixes - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder - S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects - S7163201, CVE-2012-0547: Simplify toolkit internals references - RH852051, CVE-2012-4681, S7162473: Reintroduce PackageAccessible checks removed in 6788531. - OpenJDK - Fix Zero FTBFS issues with 2.3 - S7180036: Build failure in Mac platform caused by fix # 7163201 - S7182135: Impossible to use some editors directly - S7183701: [TEST] closed/java/beans/security/TestClassFinder.java – compilation failed - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE - Bug fixes - PR1149: Zero-specific patch files not being packaged - use icedtea tarball for build again, this led into following dropped files because the are already in the tarball and simplified %prep and %build - drop class-rewriter.tar.gz - drop systemtap-tapset.tar.gz - drop desktop-files.tar.gz - drop nss.cfg - drop pulseaudio.tar.gz - drop remove-intree-libraries.sh - add archives from icedtea7-forest-2.3 for openjdk, corba, jaxp, jaxws, jdk, langtools and hotspot - drop rhino.patch, pulse-soundproperties and systemtap patch - move gnome bridge patches before make as it
last seen	2020-06-05
modified	2014-06-13
plugin id	74748
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74748
title	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1154-1)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201401-30.NASL
description	The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	72139
published	2014-01-27
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/72139
title	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_7_0-IBM-120919.NASL
description	IBM Java 1.7.0 was updated to SR2 which fixes critical security issues.
last seen	2020-06-05
modified	2013-01-25
plugin id	64170
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64170
title	SuSE 11.2 Security Update : IBM Java (SAT Patch Number 6839)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-13100.NASL
description	This update is fixing recent important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. (CVE-2012-4681) http://blog.fuseyism.com/index.php/2012/08/31/security-icedtea6-1-10-9 -1-11-4-icedtea-2-3-2-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-09-18
plugin id	62142
published	2012-09-18
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62142
title	Fedora 18 : java-1.7.0-openjdk-1.7.0.6-2.3.1.fc18.2 (2012-13100)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1225.NASL
description	Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Security Alert page, listed in the References section. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, CVE-2012-0547) Red Hat is aware that a public exploit for CVE-2012-4681 is available that executes code without user interaction when a user visits a malicious web page using a browser with the Oracle Java 7 web browser plug-in enabled. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 7 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	61770
published	2012-09-04
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/61770
title	RHEL 6 : java-1.7.0-oracle (RHSA-2012:1225)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-13138.NASL
description	This update is fixing recent important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. (CVE-2012-4681) Updated to latest IcedTea7 2.3 based on latest build of OpenJDK u6. http://blog.fuseyism.com/index.php/2012/08/31/security-icedtea6-1-10-9 -1-11-4-icedtea-2-3-2-released/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-09-04
plugin id	61761
published	2012-09-04
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61761
title	Fedora 16 : java-1.7.0-openjdk-1.7.0.6-2.3.1.fc16.2 (2012-13138)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_JAVA_2012-005.NASL
description	The remote Mac OS X 10.7 or 10.8 host is running a version of Java for Mac OS X that is missing update 2012-005, which updates the Java version to 1.6.0_35. As such, it potentially contains two methods that do not properly restrict access to information about other classes. Specifically, the
last seen	2020-06-01
modified	2020-06-02
plugin id	61998
published	2012-09-06
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61998
title	Mac OS X : Java for OS X 2012-005

NASL family	Windows
NASL id	ORACLE_JAVA7_UPDATE6.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 7 and is, therefore, potentially affected the following vulnerabilities : - The
last seen	2020-06-01
modified	2020-06-02
plugin id	61681
published	2012-08-27
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61681
title	Oracle Java SE 7 < Update 7 Multiple Vulnerabilities

NASL family	Misc.
NASL id	ORACLE_JAVA6_UPDATE35_UNIX.NASL
description	The version of Oracle (formerly Sun) Java Runtime Environment (JRE) 6.x installed on the remote host is earlier than Update 35. It is, therefore, affected by the following vulnerabilities: - Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, CVE-2012-0547) Please note this issue is not directly exploitable, rather it can aid in attacks against other, directly exploitable vulnerabilities, such as that found in CVE-2012-4681.
last seen	2020-06-01
modified	2020-06-02
plugin id	64839
published	2013-02-22
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64839
title	Oracle Java JDK / JRE 6 < Update 35 Multiple Vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2012-1223.NASL
description	Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-4681, CVE-2012-1682, CVE-2012-3136) A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions. (CVE-2012-0547) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	61789
published	2012-09-06
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61789
title	CentOS 6 : java-1.7.0-openjdk (CESA-2012:1223)

Redhat

advisories

bugzilla

id	853228
title	CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223001
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223003
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223005
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223007
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.5-2.2.1.el6_3.3
oval oval:com.redhat.rhsa:tst:20121223009
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

rhsa

id	RHSA-2012:1223
released	2012-09-03
severity	Important
title	RHSA-2012:1223: java-1.7.0-openjdk security update (Important)

rhsa
id RHSA-2012:1225

rpms

java-1.7.0-openjdk-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-debuginfo-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-demo-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-devel-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-javadoc-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-openjdk-src-1:1.7.0.5-2.2.1.el6_3.3
java-1.7.0-oracle-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-oracle-devel-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-oracle-jdbc-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-oracle-plugin-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-oracle-src-1:1.7.0.7-1jpp.5.el6_3
java-1.7.0-ibm-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-demo-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-devel-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-jdbc-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-plugin-1:1.7.0.2.0-1jpp.3.el6_3
java-1.7.0-ibm-src-1:1.7.0.2.0-1jpp.3.el6_3

Saint

bid	55213
description	Oracle Java findMethod findClass Security Bypass
id	web_client_jre
osvdb	84867
title	oracle_java_findclass_findmethod_security_bypass
type	client

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 55339 CVE ID: CVE-2012-0547 Sun Java Runtime Environment是一款为JAVA应用程序提供可靠的运行环境的解决方案。 Oracle Java SE 7 Update 6及之前版本、6 Update 34及之前版本的JRE组件中存在不明细节漏洞，影响目前未知。 0 Sun JRE 1.x 厂商补丁： Oracle ------ Oracle已经为此发布了一个安全公告（alert-cve-2012-4681-1835715）以及相应补丁: alert-cve-2012-4681-1835715：Oracle Security Alert for CVE-2012-4681 链接：http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
id	SSV:60367
last seen	2017-11-19
modified	2012-09-04
published	2012-09-04
reporter	Root
title	Oracle Sun JRE 1.x 远程JRE漏洞

The Hacker News

id	THN:3BF9400C51248462741DFA3EAF706DEE
last seen	2018-01-27
modified	2013-12-13
published	2013-12-13
reporter	Mohit Kumar
source	https://thehackernews.com/2013/12/chinese-hackers-spied-on-european.html
title	Chinese Hackers spied on European Diplomats during recent G20 meetings

id	THN:0687804BE8E280BFF660592E33597468
last seen	2017-01-08
modified	2013-01-11
published	2013-01-10
reporter	Mohit Kumar
source	http://thehackernews.com/2013/01/exploit-packs-updated-with-new-java.html
title	Exploit Packs updated with New Java Zero-Day vulnerability

Vulnerabilities > CVE-2012-4681 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2012-4681"}]}

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Nessus

Redhat

Saint

Seebug

The Hacker News

References

Vulnerabilities > CVE-2012-4681