Vulnerabilities > CVE-2012-5077

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

high complexity

oracle

sun

nessus

NVD

Published: 2012-10-16

Updated: 2022-05-13

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle JDK 1.5.0 Oracle JDK 1.6.0 Oracle JDK 1.7.0 Oracle JDK 1.4.2_38 Oracle JRE 1.7.0 Oracle JRE 1.5.0 Oracle JRE 1.6.0 Oracle JRE - Oracle JRE 1.1.6_009 Oracle JRE 1.1.7B_007 Oracle JRE 1.1.8_005 Oracle JRE 1.1.8_006 Oracle JRE 1.1.8_007 Oracle JRE 1.1.8_008 Oracle JRE 1.1.8_009 Oracle JRE 1.1.8_010 Oracle JRE 1.1.8_015 Oracle JRE 1.1.8_16 Oracle JRE 1.4.0 Oracle JRE 1.4.0_01 Oracle JRE 1.4.0_02 Oracle JRE 1.4.0_03 Oracle JRE 1.4.0_04 Oracle JRE 1.4.1 Oracle JRE 1.4.1_02 Oracle JRE 1.4.1_03 Oracle JRE 1.4.1_04 Oracle JRE 1.4.1_05 Oracle JRE 1.4.1_06 Oracle JRE 1.4.1_07 Oracle JRE 1.4.2 Oracle JRE 1.4.2_01 Oracle JRE 1.4.2_02 Oracle JRE 1.4.2_03 Oracle JRE 1.4.2_04 Oracle JRE 1.4.2_05 Oracle JRE 1.4.2_06 Oracle JRE 1.4.2_07 Oracle JRE 1.4.2_08 Oracle JRE 1.4.2_09 Oracle JRE 1.4.2_10 Oracle JRE 1.4.2_11 Oracle JRE 1.4.2_12 Oracle JRE 1.4.2_13 Oracle JRE 1.4.2_14 Oracle JRE 1.4.2_15 Oracle JRE 1.4.2_16 Oracle JRE 1.4.2_17 Oracle JRE 1.4.2_18 Oracle JRE 1.4.2_19 Oracle JRE 1.4.2_38	93
Application	Sun SUN JDK 1.6.0 SUN JDK 1.6.0.200 SUN JDK 1.6.0.210 SUN JDK 1.5.0 SUN JDK 1.4.2_13 SUN JDK 1.4.2_30 SUN JDK 1.4.2_12 SUN JDK 1.4.2_31 SUN JDK 1.4.2_3 SUN JDK 1.4.2_23 SUN JDK 1.4.2_32 SUN JDK 1.4.2_8 SUN JDK 1.4.2_16 SUN JDK 1.4.2_29 SUN JDK 1.4.2_18 SUN JDK 1.4.2_19 SUN JDK 1.4.2_6 SUN JDK 1.4.2_26 SUN JDK 1.4.2_4 SUN JDK 1.4.2_5 SUN JDK 1.4.2_25 SUN JDK 1.4.2_33 SUN JDK 1.4.2 SUN JDK 1.4.2_1 SUN JDK 1.4.2_9 SUN JDK 1.4.2_17 SUN JDK 1.4.2_28 SUN JDK 1.4.2_36 SUN JDK 1.4.2_37 SUN JDK 1.4.2_2 SUN JDK 1.4.2_10 SUN JDK 1.4.2_11 SUN JDK 1.4.2_22 SUN JDK 1.4.2_7 SUN JDK 1.4.2_14 SUN JDK 1.4.2_27 SUN JDK 1.4.2_34 SUN JDK 1.4.2_35 SUN JDK 1.4.2_15 SUN JRE 1.6.0 SUN JRE 1.5.0 SUN JRE 1.4.2_26 SUN JRE 1.4.2_7 SUN JRE 1.4.2_27 SUN JRE 1.4.2_16 SUN JRE 1.4.2_24 SUN JRE 1.4.2_1 SUN JRE 1.4.2_2 SUN JRE 1.4.2_19 SUN JRE 1.4.2_15 SUN JRE 1.4.2_31 SUN JRE 1.4.2_8 SUN JRE 1.4.2_25 SUN JRE 1.4.2_4 SUN JRE 1.4.2_13 SUN JRE 1.4.2_29 SUN JRE 1.4.2_9 SUN JRE 1.4.2_10 SUN JRE 1.4.2_11 SUN JRE 1.4.2_18 SUN JRE 1.4.2_35 SUN JRE 1.4.2_36 SUN JRE 1.4.2_14 SUN JRE 1.4.2_22 SUN JRE 1.4.2_23 SUN JRE 1.4.2_30 SUN JRE 1.4.2_17 SUN JRE 1.4.2_32 SUN JRE 1.4.2_33 SUN JRE 1.4.2_3 SUN JRE 1.4.2_12 SUN JRE 1.4.2_20 SUN JRE 1.4.2_21 SUN JRE 1.4.2_28 SUN JRE 1.4.2_37 SUN JRE 1.4.2_34 SUN JRE 1.4.2_5 SUN JRE 1.4.2_6	178

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-749.NASL
description	java-1_7_0-opendjk was updated to icedtea-2.3.3 (bnc#785814) - Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties checking in EnvHelp - S7158807: Revise stack management with volatile call sites - S7163198, CVE-2012-5076: Tightened package accessibility - S7167656, CVE-2012-5077: Multiple Seeders are being created - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types - S7169887, CVE-2012-5074: Tightened package accessibility - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector - S7172522, CVE-2012-5072: Improve DomainCombiner checking - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC - S7189103, CVE-2012-5069: Executors needs to maintain state - S7189490: More improvements to DomainCombiner checking - S7189567, CVE-2012-5085: java net obselete protocol - S7192975, CVE-2012-5071: Issue with JMX reflection - S7195194, CVE-2012-5084: Better data validation for Swing - S7195549, CVE-2012-5087: Better bean object persistence - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance - S7196190, CVE-2012-5088: Improve method of handling MethodHandles - S7198296, CVE-2012-5089: Refactor classloader usage - S7158800: Improve storage of symbol tables - S7158801: Improve VM CompileOnly option - S7158804: Improve config file parsing - S7198606, CVE-2012-4416: Improve VM optimization - Bug fixes - Remove merge artefact.
last seen	2020-06-05
modified	2014-06-13
plugin id	74793
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74793
title	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1419-1) (ROBOT)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20121017_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
description	Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-03-18
modified	2012-10-18
plugin id	62617
published	2012-10-18
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62617
title	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 (20121017) (ROBOT)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-755.NASL
description	java 1.6.0 openjdk / icedtea was updated to 1.11.5 (bnc#785433) - Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders are being created - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector - S7172522, CVE-2012-5072: Improve DomainCombiner checking - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC - S7189103, CVE-2012-5069: Executors needs to maintain state - S7189490: More improvements to DomainCombiner checking - S7189567, CVE-2012-5085: java net obselete protocol - S7192975, CVE-2012-5071: Conditional usage check is wrong - S7195194, CVE-2012-5084: Better data validation for Swing - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved - S7195919, CVE-2012-5079: (sl) ServiceLoader can throw CCE without needing to create instance - S7198296, CVE-2012-5089: Refactor classloader usage - S7158800: Improve storage of symbol tables - S7158801: Improve VM CompileOnly option - S7158804: Improve config file parsing - S7176337: Additional changes needed for 7158801 fix - S7198606, CVE-2012-4416: Improve VM optimization - Backports - S7175845:
last seen	2020-06-05
modified	2014-06-13
plugin id	74800
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74800
title	openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1424-1) (ROBOT)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20121018_JAVA_1_6_0_SUN_ON_SL5_X.NASL
description	As a reminder, the openjdk Java environment is available in Scientific Linux 5. Updates for openjdk are released in a similar manner to other security updates. Scientific Linux 6 does not bundle the closed source Java environment. All running instances of Sun/Oracle Java must be restarted for the update to take effect.
last seen	2020-03-18
modified	2012-10-31
plugin id	62773
published	2012-10-31
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62773
title	Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (20121018) (ROBOT)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_6_0-OPENJDK-121023.NASL
description	java-openjdk was upgraded to version 1.11.5 to fix various security and non-security issues.
last seen	2020-06-05
modified	2013-01-25
plugin id	64169
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64169
title	SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1386.NASL
description	Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Update 13 November 2012] The file list of this advisory was updated to move java-1.7.0-openjdk-devel from the optional repositories to the base repositories. Additionally, java-1.7.0-openjdk for the HPC Node variant was also moved (this package was already in the base repositories for other product variants). No changes have been made to the packages themselves. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089) The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use these flaws to disclose sensitive information. (CVE-2012-5070, CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	62615
published	2012-10-18
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62615
title	RHEL 6 : java-1.7.0-openjdk (RHSA-2012:1386) (ROBOT)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1385.NASL
description	Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	62614
published	2012-10-18
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62614
title	RHEL 5 : java-1.6.0-openjdk (RHSA-2012:1385) (ROBOT)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-754.NASL
description	This version upgrade to 1.11.5 fixed various security and non-security issues.
last seen	2020-06-05
modified	2014-06-13
plugin id	74799
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74799
title	openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1423-1) (ROBOT)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20121017_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL
description	Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-03-18
modified	2012-10-18
plugin id	62618
published	2012-10-18
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62618
title	Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)

NASL family	Windows
NASL id	ORACLE_JAVA_CPU_OCT_2012.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components : - 2D - Beans - Concurrency - Deployment - Hotspot - JAX-WS - JMX - JSSE - Libraries - Networking - Security - Swing
last seen	2020-06-01
modified	2020-06-02
plugin id	62593
published	2012-10-17
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62593
title	Oracle Java SE Multiple Vulnerabilities (October 2012 CPU)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-1385.NASL
description	From Red Hat Security Advisory 2012:1385 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	68645
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68645
title	Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-1385) (ROBOT)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2012-1386.NASL
description	Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Update 13 November 2012] The file list of this advisory was updated to move java-1.7.0-openjdk-devel from the optional repositories to the base repositories. Additionally, java-1.7.0-openjdk for the HPC Node variant was also moved (this package was already in the base repositories for other product variants). No changes have been made to the packages themselves. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089) The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use these flaws to disclose sensitive information. (CVE-2012-5070, CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	62598
published	2012-10-18
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62598
title	CentOS 6 : java-1.7.0-openjdk (CESA-2012:1386) (ROBOT)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_JAVA_2012-006.NASL
description	The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2012-006 update, which updates the Java version to 1.6.0_37. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
last seen	2019-10-28
modified	2012-10-17
plugin id	62595
published	2012-10-17
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62595
title	Mac OS X : Java for OS X 2012-006

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201401-30.NASL
description	The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	72139
published	2014-01-27
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/72139
title	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20121017_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
description	Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089) The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use these flaws to disclose sensitive information. (CVE-2012-5070, CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-03-18
modified	2012-10-22
plugin id	62653
published	2012-10-22
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62653
title	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)

NASL family	Misc.
NASL id	ORACLE_JAVA_CPU_OCT_2012_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components : - 2D - Beans - Concurrency - Deployment - Hotspot - JAX-WS - JMX - JSSE - Libraries - Networking - Security - Swing
last seen	2020-06-01
modified	2020-06-02
plugin id	64849
published	2013-02-22
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64849
title	Oracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2012-1384.NASL
description	Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	62597
published	2012-10-18
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62597
title	CentOS 6 : java-1.6.0-openjdk (CESA-2012:1384) (ROBOT)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1392.NASL
description	Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory and Oracle Security Alert pages, listed in the References section. (CVE-2012-0547, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 37. All running instances of Oracle Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	62636
published	2012-10-19
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62636
title	RHEL 5 / 6 : java-1.6.0-sun (RHSA-2012:1392)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1384.NASL
description	Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	62613
published	2012-10-18
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62613
title	RHEL 6 : java-1.6.0-openjdk (RHSA-2012:1384) (ROBOT)

NASL family	Misc.
NASL id	VMWARE_ESX_VMSA-2013-0003_REMOTE.NASL
description	The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Java Runtime Environment (JRE) - Network File Copy (NFC) Protocol - OpenSSL
last seen	2020-06-01
modified	2020-06-02
plugin id	89663
published	2016-03-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/89663
title	VMware ESX / ESXi NFC and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0003) (remote check)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2012-169.NASL
description	Multiple security issues were identified and fixed in OpenJDK (icedtea6) : - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders are being created - S7169884, CVE-2012-5073: LogManager checks do not work correctly for sub-types - S7169888, CVE-2012-5075: Narrowing resource definitions in JMX RMI connector - S7172522, CVE-2012-5072: Improve DomainCombiner checking - S7186286, CVE-2012-5081: TLS implementation to better adhere to RFC - S7189103, CVE-2012-5069: Executors needs to maintain state - S7189490: More improvements to DomainCombiner checking - S7189567, CVE-2012-5085: java net obselete protocol - S7192975, CVE-2012-5071: Conditional usage check is wrong - S7195194, CVE-2012-5084: Better data validation for Swing - S7195917, CVE-2012-5086: XMLDecoder parsing at close-time should be improved - S7195919, CVE-2012-5979: (sl) ServiceLoader can throw CCE without needing to create instance - S7198296, CVE-2012-5089: Refactor classloader usage - S7158800: Improve storage of symbol tables - S7158801: Improve VM CompileOnly option - S7158804: Improve config file parsing - S7176337: Additional changes needed for 7158801 fix - S7198606, CVE-2012-4416: Improve VM optimization The updated packages provides icedtea6-1.11.5 which is not vulnerable to these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	62794
published	2012-11-02
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62794
title	Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:169)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2012-136.NASL
description	Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068 , CVE-2012-5071 , CVE-2012-5069 , CVE-2012-5073 , CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	69626
published	2013-09-04
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/69626
title	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-136) (ROBOT)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2012-137.NASL
description	Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086 , CVE-2012-5084 , CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068 , CVE-2012-5071 , CVE-2012-5069 , CVE-2012-5073 , CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	69627
published	2013-09-04
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/69627
title	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2012-137) (ROBOT)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-1384.NASL
description	From Red Hat Security Advisory 2012:1384 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	68644
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68644
title	Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2012-1384) (ROBOT)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-1386.NASL
description	From Red Hat Security Advisory 2012:1386 : Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Update 13 November 2012] The file list of this advisory was updated to move java-1.7.0-openjdk-devel from the optional repositories to the base repositories. Additionally, java-1.7.0-openjdk for the HPC Node variant was also moved (this package was already in the base repositories for other product variants). No changes have been made to the packages themselves. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084, CVE-2012-5089) The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use these flaws to disclose sensitive information. (CVE-2012-5070, CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	68646
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68646
title	Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2012-1386) (ROBOT)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_JAVA-1_7_0-IBM-121113.NASL
description	IBM Java 1.7.0 has been updated to SR3 which fixes bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5070 / CVE-2012-5067 / CVE-2012-3143 / CVE-2012-5076 / CVE-2012-5077 / CVE-2012-5073 / CVE-2012-5074 / CVE-2012-5075 / CVE-2012-5083 / CVE-2012-5083 / CVE-2012-5072 / CVE-2012-1531 / CVE-2012-5081 / CVE-2012-1532 / CVE-2012-1533 / CVE-2012-5069 / CVE-2012-5071 / CVE-2012-5084 / CVE-2012-5087 / CVE-2012-5086 / CVE-2012-5079 / CVE-2012-5088 / CVE-2012-5089
last seen	2020-06-05
modified	2013-01-25
plugin id	64171
published	2013-01-25
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64171
title	SuSE 11.2 Security Update : IBM Java 1.7.0 (SAT Patch Number 7046)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_JAVA_10_6_UPDATE11.NASL
description	The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 11, which updates the Java version to 1.6.0_37. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
last seen	2019-10-28
modified	2012-10-17
plugin id	62594
published	2012-10-17
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62594
title	Mac OS X : Java for Mac OS X 10.6 Update 11

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201406-32.NASL
description	The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	76303
published	2014-06-30
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76303
title	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1467.NASL
description	Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823, CVE-2012-5067, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR3 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	62932
published	2012-11-16
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62932
title	RHEL 6 : java-1.7.0-ibm (RHSA-2012:1467) (ROBOT)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2012-1385.NASL
description	Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine
last seen	2020-06-01
modified	2020-06-02
plugin id	62630
published	2012-10-19
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62630
title	CentOS 5 : java-1.6.0-openjdk (CESA-2012:1385) (ROBOT)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1619-1.NASL
description	Several information disclosure vulnerabilities were discovered in the OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075, CVE-2012-5077, CVE-2012-5085) Vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089) Information disclosure vulnerabilities were discovered in the OpenJDK JRE. These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070) Vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2012-5073, CVE-2012-5079) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. This issue only affected Ubuntu 12.10. (CVE-2012-5074) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088) A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081) Please see the following for more information: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-15159 24.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	62709
published	2012-10-26
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62709
title	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1619-1) (ROBOT)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2012-1489-2.NASL
description	IBM Java 1.7.0 has been updated to SR3 which fixes bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3159, CVE-2012-3216, CVE-2012-5070, CVE-2012-5067, CVE-2012-3143, CVE-2012-5076, CVE-2012-5077, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5083, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5087, CVE-2012-5086, CVE-2012-5079, CVE-2012-5088, CVE-2012-5089 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-05-20
plugin id	83567
published	2015-05-20
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/83567
title	SUSE SLES11 Security Update : IBM Java 1.7.0 (SUSE-SU-2012:1489-2)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1391.NASL
description	Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 9. All running instances of Oracle Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	62635
published	2012-10-19
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62635
title	RHEL 6 : java-1.7.0-oracle (RHSA-2012:1391)

Oval

accepted

2015-03-23T04:00:54.299-04:00

class

vulnerability

contributors

name Sergey Artykhov
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Java SE Runtime Environment 4 is installed
oval oval:org.mitre.oval:def:16482
comment Java SE Runtime Environment 5 is installed
oval oval:org.mitre.oval:def:15748
comment Java SE Runtime Environment 6 is installed
oval oval:org.mitre.oval:def:16362
comment Java SE Runtime Environment 7 is installed
oval oval:org.mitre.oval:def:16050

description

family

windows

oval:org.mitre.oval:def:16585

status

accepted

submitted

2013-04-17T10:26:26.748+04:00

title

related to Security.

version

Redhat

advisories

rhsa
id RHSA-2012:1385
rhsa
id RHSA-2012:1386
rhsa
id RHSA-2012:1391
rhsa
id RHSA-2012:1392
rhsa
id RHSA-2012:1467

rpms

java-1.6.0-openjdk-1:1.6.0.0-1.50.1.11.5.el6_3
java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.50.1.11.5.el6_3
java-1.6.0-openjdk-demo-1:1.6.0.0-1.50.1.11.5.el6_3
java-1.6.0-openjdk-devel-1:1.6.0.0-1.50.1.11.5.el6_3
java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.50.1.11.5.el6_3
java-1.6.0-openjdk-src-1:1.6.0.0-1.50.1.11.5.el6_3
java-1.6.0-openjdk-1:1.6.0.0-1.28.1.10.10.el5_8
java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.28.1.10.10.el5_8
java-1.6.0-openjdk-demo-1:1.6.0.0-1.28.1.10.10.el5_8
java-1.6.0-openjdk-devel-1:1.6.0.0-1.28.1.10.10.el5_8
java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.28.1.10.10.el5_8
java-1.6.0-openjdk-src-1:1.6.0.0-1.28.1.10.10.el5_8
java-1.7.0-openjdk-1:1.7.0.9-2.3.3.el6_3.1
java-1.7.0-openjdk-debuginfo-1:1.7.0.9-2.3.3.el6_3.1
java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.3.el6_3.1
java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.3.el6_3.1
java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.3.el6_3.1
java-1.7.0-openjdk-src-1:1.7.0.9-2.3.3.el6_3.1
java-1.7.0-oracle-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-devel-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-javafx-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-jdbc-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-plugin-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-src-1:1.7.0.9-1jpp.3.el6_3
java-1.6.0-sun-1:1.6.0.37-1jpp.1.el5_8
java-1.6.0-sun-1:1.6.0.37-1jpp.1.el6_3
java-1.6.0-sun-demo-1:1.6.0.37-1jpp.1.el5_8
java-1.6.0-sun-demo-1:1.6.0.37-1jpp.1.el6_3
java-1.6.0-sun-devel-1:1.6.0.37-1jpp.1.el5_8
java-1.6.0-sun-devel-1:1.6.0.37-1jpp.1.el6_3
java-1.6.0-sun-jdbc-1:1.6.0.37-1jpp.1.el5_8
java-1.6.0-sun-jdbc-1:1.6.0.37-1jpp.1.el6_3
java-1.6.0-sun-plugin-1:1.6.0.37-1jpp.1.el5_8
java-1.6.0-sun-plugin-1:1.6.0.37-1jpp.1.el6_3
java-1.6.0-sun-src-1:1.6.0.37-1jpp.1.el5_8
java-1.6.0-sun-src-1:1.6.0.37-1jpp.1.el6_3
java-1.7.0-ibm-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-demo-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-devel-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-jdbc-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-plugin-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-src-1:1.7.0.3.0-1jpp.2.el6_3

Vulnerabilities > CVE-2012-5077 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2012-5077"}]}

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References

Vulnerabilities > CVE-2012-5077