Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sun | First view | 2007-07-11 |
| Product | Jdk | Last view | 2012-10-16 |
| Version | 1.6.0.210 | Type | Application |
| Update | update21 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:sun:jdk | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.6 | 2012-10-16 | CVE-2012-5089 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143. |
| 10 | 2012-10-16 | CVE-2012-5086 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. |
| 0 | 2012-10-16 | CVE-2012-5085 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. |
| 7.6 | 2012-10-16 | CVE-2012-5084 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. |
| 10 | 2012-10-16 | CVE-2012-5083 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
| 5 | 2012-10-16 | CVE-2012-5081 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. |
| 5 | 2012-10-16 | CVE-2012-5079 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073. |
| 2.6 | 2012-10-16 | CVE-2012-5077 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. |
| 5 | 2012-10-16 | CVE-2012-5075 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. |
| 5 | 2012-10-16 | CVE-2012-5073 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079. |
| 5 | 2012-10-16 | CVE-2012-5072 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. |
| 6.4 | 2012-10-16 | CVE-2012-5071 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. |
| 5.8 | 2012-10-16 | CVE-2012-5069 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. |
| 7.5 | 2012-10-16 | CVE-2012-5068 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
| 6.4 | 2012-10-16 | CVE-2012-4416 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. |
| 2.6 | 2012-10-16 | CVE-2012-3216 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
| 7.5 | 2012-10-16 | CVE-2012-3159 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533. |
| 10 | 2012-10-16 | CVE-2012-3143 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089. |
| 10 | 2012-10-16 | CVE-2012-1533 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159. |
| 10 | 2012-10-16 | CVE-2012-1532 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
| 10 | 2012-10-16 | CVE-2012-1531 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
| 10 | 2009-08-05 | CVE-2009-2675 | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. |
| 7.5 | 2009-08-05 | CVE-2009-2673 | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. |
| 7.5 | 2009-08-05 | CVE-2009-2672 | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. |
| 5 | 2009-08-05 | CVE-2009-2671 | The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 60% (18) | CWE-264 | Permissions, Privileges, and Access Controls |
| 13% (4) | CWE-200 | Information Exposure |
| 10% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 3% (1) | CWE-287 | Improper Authentication |
| 3% (1) | CWE-189 | Numeric Errors |
| 3% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 3% (1) | CWE-20 | Improper Input Validation |
| 3% (1) | CWE-16 | Configuration |
SAINT Exploits
| Description | Link |
|---|---|
| Java Runtime Environment JAR manifest Main Class buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 56788 | Sun Java JDK / JRE Audio System Unauthorized java.lang.System Properties Access |
| 56786 | Sun Java JDK / JRE Pack200 JAR File Decoding Inner Class Count Overflow |
| 56785 | Sun Java JDK / JRE Proxy Mechanism Implementation Arbitrary Host Connection |
| 56784 | Sun Java JDK / JRE Proxy Mechanism Implementation Unauthorized Browser Cookie... |
| 56783 | Sun Java JDK / JRE SOCKS Proxy Implementation Applet Process Owner Disclosure |
| 50516 | Sun Java JDK / JRE TrueType Font Processing Heap Overflow |
| 50515 | Sun Java JDK / JRE GIF Image Decoding Memory Corruption |
| 50514 | Sun Java JDK / JRE Java Web Start BasicService Arbitrary File Access |
| 50513 | Sun Java JDK / JRE Applet Classloading Privilege Escalation |
| 50512 | Sun Java JDK / JRE Jave Web Start / Plug-in HTTP Session Hijacking |
| 50511 | Sun Java JDK / JRE Java Web Start SingleInstanceImpl Class SI_FILEDIR Propert... |
| 50510 | Sun Java JDK / JRE Java Web Start (JWS) JNLP File System Properties Override ... |
| 50509 | Sun Java JDK / JRE Java Web Start Application file: Protocol Arbitrary File A... |
| 50506 | Sun Java JDK / JRE JAX-WS / JAXB Packages Internal Classes Applet Privilege E... |
| 50505 | Sun Java JDK / JRE Kerberos Authentication Unspecified Remote DoS |
| 50504 | Sun Java JDK / JRE RSA Public Key Processing Resource Consumption DoS |
| 50503 | Sun Java JDK / JRE Untrusted Applet User Home Directory Content Listing |
| 50502 | Sun Java JDK / JRE UTF-8 Decoder Non-shortest Form Sequence Handling Weakness |
| 50501 | Sun Java JDK / JRE Unpack200 JAR Utility Privilege Escalation |
| 50500 | Sun Java JDK / JRE Deserializing Calendar Object Privilege Escalation |
| 50499 | Sun Java JDK / JRE Command Line Application Overflow |
| 50498 | Sun Java JDK / JRE Java Update Mechanism Digital Signature Verification Weakness |
| 50497 | Sun Java JDK / JRE Java Web Start Application JNLP File Handling Socket Restr... |
| 46967 | Sun Java JDK / JRE Java Management Extensions (JMX) Management Agent Remote P... |
| 46966 | Sun Java JDK / JRE Applet Outbound Connection Security Model Bypass |
ExploitDB Exploits
| id | Description |
|---|---|
| 16302 | Signed Applet Social Engineering Code Exec |
| 16293 | Sun Java Calendar Deserialization Exploit |
| 9948 | Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserializati... |
| 8753 | Mac OS X Java applet Remote Deserialization Remote PoC (updated) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1424_1.nasl |
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1423-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1423_1.nasl |
| 2012-11-02 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_169.nasl |
| 2012-10-29 | Name : Ubuntu Update for openjdk-7 USN-1619-1 File : nvt/gb_ubuntu_USN_1619_1.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1384 centos6 File : nvt/gb_CESA-2012_1384_java_centos6.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln04_oct12_win.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln02_oct12_win.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Oct (Windows) File : nvt/gb_oracle_java_se_mult_vuln01_oct12_win.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01 File : nvt/gb_RHSA-2012_1386-01_java-1.7.0-openjdk.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01 File : nvt/gb_RHSA-2012_1385-01_java-1.6.0-openjdk.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1384-01 File : nvt/gb_RHSA-2012_1384-01_java-1.6.0-openjdk.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1386 centos6 File : nvt/gb_CESA-2012_1386_java_centos6.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1385 centos5 File : nvt/gb_CESA-2012_1385_java_centos5.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2009:1201 centos5 i386 File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 4 File : nvt/macosx_java_for_10_5_upd_4.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 3 File : nvt/macosx_java_for_10_5_upd_3.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 5 File : nvt/macosx_java_for_10_5_upd_5.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 2 File : nvt/macosx_java_for_10_5_upd_2.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1582 File : nvt/RHSA_2009_1582.nasl |
| 2009-11-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl |
| 2009-10-27 | Name : SuSE Security Summary SUSE-SR:2009:017 File : nvt/suse_sr_2009_017.nasl |
| 2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1505 File : nvt/RHSA_2009_1505.nasl |
| 2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
| 2009-10-13 | Name : SLES10: Security update for Sun Java 1.4.2 File : nvt/sles10_java-1_4_2-sun.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2012-A-0136 | Multiple Vulnerabilities in Juniper Network Management Products Severity: Category I - VMSKEY: V0033662 |
| 2009-A-0105 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0021867 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-04-05 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45830 - Type : SERVER-OTHER - Revision : 1 |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45201 - Type : SERVER-OTHER - Revision : 2 |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45200 - Type : SERVER-OTHER - Revision : 2 |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45199 - Type : SERVER-OTHER - Revision : 2 |
| 2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Type : MALWARE-CNC - Revision : 5 |
| 2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Type : EXPLOIT-KIT - Revision : 6 |
| 2014-01-10 | Oracle Java calendar deserialize vulnerability RuleID : 20238 - Type : SERVER-OTHER - Revision : 5 |
| 2014-01-10 | Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow RuleID : 17563 - Type : FILE-JAVA - Revision : 12 |
| 2014-01-10 | Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt RuleID : 17562 - Type : FILE-JAVA - Revision : 13 |
| 2014-01-10 | Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt RuleID : 17395 - Type : FILE-IMAGE - Revision : 14 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-03-08 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2010-0002_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0003_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-03 | Name: The remote host is missing a security-related patch. File: vmware_VMSA-2009-0014_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-03 | Name: The remote host is missing a security-related patch. File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2012-1489-1.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2012-1489-2.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2012-1490-1.nasl - Type: ACT_GATHER_INFO |
| 2014-12-22 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10627.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO |
| 2014-08-22 | Name: The remote host is affected by multiple vulnerabilities. File: juniper_nsm_jsa10642.nasl - Type: ACT_GATHER_INFO |
| 2014-07-18 | Name: The remote Windows host contains a programming platform that is potentially a... File: oracle_jrockit_cpu_oct_2012.nasl - Type: ACT_GATHER_INFO |
| 2014-06-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201406-32.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-749.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-754.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-755.nasl - Type: ACT_GATHER_INFO |
| 2014-01-27 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201401-30.nasl - Type: ACT_GATHER_INFO |
| 2013-09-13 | Name: The remote host is affected by multiple vulnerabilities. File: juniper_nsm_psn_2012_08_689.nasl - Type: ACT_GATHER_INFO |
| 2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-136.nasl - Type: ACT_GATHER_INFO |
| 2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-137.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-1201.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-1384.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-1385.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-1386.nasl - Type: ACT_GATHER_INFO |
| 2013-03-12 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-0624.nasl - Type: ACT_GATHER_INFO |
