Executive Summary
Summary | |
---|---|
Title | OpenJDK 6 vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1553-1 | First vendor Publication | 2012-09-03 |
Vendor | Ubuntu | Last vendor Modification | 2012-09-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Two security issues were fixed in OpenJDK 6. Software Description: - openjdk-6: Open Source Java implementation Details: It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. (CVE-2012-1682) It was discovered that functionality in the AWT component in OpenJDK 6 made it easier for a remote attacker, in conjunction with other vulnerabilities, to bypass Java sandbox restrictions. (CVE-2012-0547) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: Ubuntu 11.10: Ubuntu 11.04: Ubuntu 10.04 LTS: After a standard system update you need to restart any Java applets or applications to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1553-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19842 | |||
Oval ID: | oval:org.mitre.oval:def:19842 | ||
Title: | HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-0547 | Version: | 10 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19946 | |||
Oval ID: | oval:org.mitre.oval:def:19946 | ||
Title: | HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-1682 | Version: | 10 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21284 | |||
Oval ID: | oval:org.mitre.oval:def:21284 | ||
Title: | RHSA-2012:1221: java-1.6.0-openjdk security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder." | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1221-01 CESA-2012:1221 CVE-2012-0547 CVE-2012-1682 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21371 | |||
Oval ID: | oval:org.mitre.oval:def:21371 | ||
Title: | RHSA-2012:1222: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder." | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1222-00 CESA-2012:1222 CVE-2012-0547 CVE-2012-1682 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22761 | |||
Oval ID: | oval:org.mitre.oval:def:22761 | ||
Title: | ELSA-2012:1222: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1222-00 CVE-2012-0547 CVE-2012-1682 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23805 | |||
Oval ID: | oval:org.mitre.oval:def:23805 | ||
Title: | ELSA-2012:1221: java-1.6.0-openjdk security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1221-01 CVE-2012-0547 CVE-2012-1682 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27774 | |||
Oval ID: | oval:org.mitre.oval:def:27774 | ||
Title: | DEPRECATED: ELSA-2012-1221 -- java-1.6.0-openjdk security update (critical) | ||
Description: | [1:1.6.0.0-1.49.1.11.4] - Updated to latest IedTea6 1.11.4 - Resolves: rhbz#853345 [1:1.6.0.0-1.48.1.11.3] - Access gnome bridge jar is forced to have 644 permissions - Resolves: rhbz#828752 [1:1.6.0.0-1.47.1.11.3] - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added also to package.definition - Resolves: rhbz#828752 [1:1.6.0.0-1.46.1.11.3] - Updated to IcedTea6 1.11.3 - Removed upstreamed patch8 - java-1.6.0-openjdk-jirafix_2820_2821.patch - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added to patch - Resolves: rhbz#828752 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1221 CVE-2012-0547 CVE-2012-1682 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27790 | |||
Oval ID: | oval:org.mitre.oval:def:27790 | ||
Title: | DEPRECATED: ELSA-2012-1222 -- java-1.6.0-openjdk security update (important) | ||
Description: | [1.6.0.0-1.28.1.10.9.0.1.el5_8] - Add oracle-enterprise.patch [1:1.6.0.0-1.28.1.10.9] - Updated to latest IcedTea6 1.10.9 - Resolves: rhbz#846709 - Resolves: rhbz#853114 [1:1.6.0.0-1.27.1.10.8] - Access gnome bridge jar is forced to have 644 permissions - Resolves: rhbz#828749 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1222 CVE-2012-0547 CVE-2012-1682 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1175_1.nasl |
2012-10-09 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:150-1 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_150_1.nasl |
2012-09-21 | Name : Java for Mac OS X 10.6 Update 10 File : nvt/gb_macosx_java_10_6_upd_10.nasl |
2012-09-04 | Name : CentOS Update for java CESA-2012:1221 centos6 File : nvt/gb_CESA-2012_1221_java_centos6.nasl |
2012-09-04 | Name : CentOS Update for java CESA-2012:1222 centos5 File : nvt/gb_CESA-2012_1222_java_centos5.nasl |
2012-09-04 | Name : CentOS Update for java CESA-2012:1223 centos6 File : nvt/gb_CESA-2012_1223_java_centos6.nasl |
2012-09-04 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01 File : nvt/gb_RHSA-2012_1221-01_java-1.6.0-openjdk.nasl |
2012-09-04 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01 File : nvt/gb_RHSA-2012_1222-01_java-1.6.0-openjdk.nasl |
2012-09-04 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1223-01 File : nvt/gb_RHSA-2012_1223-01_java-1.7.0-openjdk.nasl |
2012-09-04 | Name : Ubuntu Update for openjdk-6 USN-1553-1 File : nvt/gb_ubuntu_USN_1553_1.nasl |
2012-09-03 | Name : Oracle Java SE JRE AWT Component Unspecified Vulnerability - (Windows) File : nvt/gb_oracle_java_se_jre_awt_comp_unspecified_vuln_win.nasl |
2012-09-03 | Name : Oracle Java SE JRE Multiple Remote Code Execution Vulnerabilities - (Windows) File : nvt/gb_oracle_java_se_jre_mult_code_exec_vuln_win.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-592.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-601.nasl - Type : ACT_GATHER_INFO |
2014-01-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-119.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1222.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1223.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1221.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java7_update6_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote host contains a runtime environment that contains methods that can... File : oracle_java6_update35_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-120905.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-120919.nasl - Type : ACT_GATHER_INFO |
2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1466.nasl - Type : ACT_GATHER_INFO |
2012-10-31 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121018_java_1_6_0_sun_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1392.nasl - Type : ACT_GATHER_INFO |
2012-10-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-150.nasl - Type : ACT_GATHER_INFO |
2012-09-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1289.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote host has a version of Java that contains methods that can aid in f... File : macosx_java_2012-005.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote host has a version of Java that contains methods that can aid in f... File : macosx_java_10_6_update10.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1223.nasl - Type : ACT_GATHER_INFO |
2012-09-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120903_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-09-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120903_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-09-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120903_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-09-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1553-1.nasl - Type : ACT_GATHER_INFO |
2012-09-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1223.nasl - Type : ACT_GATHER_INFO |
2012-09-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1225.nasl - Type : ACT_GATHER_INFO |
2012-09-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1222.nasl - Type : ACT_GATHER_INFO |
2012-09-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1221.nasl - Type : ACT_GATHER_INFO |
2012-09-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1222.nasl - Type : ACT_GATHER_INFO |
2012-09-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1221.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote host contains a runtime environment that contains methods that can... File : oracle_java6_update35.nasl - Type : ACT_GATHER_INFO |
2012-08-27 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java7_update6.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:00:39 |
|