This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Oracle
Product : Jdk
Version : 1.6.0
Update : update_171
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
Type : Application
First view : 2012-11-28
Last view : 2017-12-29
 
CPE Product cpe:2.3:a:oracle:jdk

Activity : Overall

Related : CVE

  Date Alert Description
5.3 2017-12-29 CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

9.3 2013-10-16 CVE-2013-5838

Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

5 2013-06-18 CVE-2013-3744

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.

9.3 2013-06-18 CVE-2013-2462

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

9.3 2013-06-18 CVE-2013-2460

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.

5.8 2013-06-18 CVE-2013-2458

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles."

4.3 2013-06-18 CVE-2013-2449

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.

5 2013-06-18 CVE-2013-2400

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744.

5 2013-04-17 CVE-2013-2438

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.

9.3 2013-04-17 CVE-2013-2436

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert.

10 2013-04-17 CVE-2013-2434

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10 2013-04-17 CVE-2013-2431

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."

10 2013-04-17 CVE-2013-2428

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427.

10 2013-04-17 CVE-2013-2427

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2428.

9.3 2013-04-17 CVE-2013-2426

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox.

10 2013-04-17 CVE-2013-2425

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

4.3 2013-04-17 CVE-2013-2423

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.

9.3 2013-04-17 CVE-2013-2421

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect MethodHandle lookups, which allows remote attackers to bypass Java sandbox restrictions.

4.3 2013-04-17 CVE-2013-2416

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

2.1 2013-04-17 CVE-2013-2415

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.

10 2013-04-17 CVE-2013-2414

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2427, and CVE-2013-2428.

5 2013-04-17 CVE-2013-1564

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.

5 2013-04-17 CVE-2013-1561

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.

5 2012-11-28 CVE-2012-2739

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-310 Cryptographic Issues
50% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

SAINT Exploits

Description
Java Runtime Environment Hotspot final field vulnerability
Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

ExploitDB Exploits

id Description
26529 Java Applet ProviderSkeleton Insecure Invoke Method

OpenVAS Exploits

id Description
2012-12-04 Name : Oracle Java SE Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_hash_collision_dos_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0200 Multiple Vulnerabilities in Oracle Java
Severity: Category I - VMSKEY: V0040783

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2016-04-26 Oracle Java Class Loader namespace sandbox bypass attempt
RuleID : 38339 - Type : FILE-JAVA - Revision : 2
2016-04-26 Oracle Java Class Loader namespace sandbox bypass attempt
RuleID : 38338 - Type : FILE-JAVA - Revision : 2
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37804 - Type : FILE-JAVA - Revision : 4
2014-11-16 Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt
RuleID : 31367 - Type : FILE-JAVA - Revision : 6
2014-11-16 Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt
RuleID : 31366 - Type : FILE-JAVA - Revision : 7
2014-11-16 CottonCastle exploit kit Oracle java outbound connection
RuleID : 31278 - Type : EXPLOIT-KIT - Revision : 2
2014-11-16 CottonCastle exploit kit Oracle Java outbound connection
RuleID : 31277 - Type : EXPLOIT-KIT - Revision : 2
2014-03-29 Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt
RuleID : 29972 - Type : FILE-JAVA - Revision : 2
2014-03-29 Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt
RuleID : 29971 - Type : FILE-JAVA - Revision : 2
2014-03-29 Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt
RuleID : 29970 - Type : FILE-JAVA - Revision : 2
2014-03-29 Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt
RuleID : 29969 - Type : FILE-JAVA - Revision : 2
2014-02-21 Styx exploit kit eot outbound connection
RuleID : 29453 - Type : EXPLOIT-KIT - Revision : 2
2014-02-21 Styx exploit kit landing page request
RuleID : 29452 - Type : EXPLOIT-KIT - Revision : 2
2014-02-21 Styx exploit kit outbound jar request
RuleID : 29451 - Type : EXPLOIT-KIT - Revision : 2
2014-02-21 Styx exploit kit outbound connection attempt
RuleID : 29450 - Type : EXPLOIT-KIT - Revision : 2
2014-02-21 Styx exploit kit landing page
RuleID : 29449 - Type : EXPLOIT-KIT - Revision : 3
2014-02-21 Styx exploit kit landing page
RuleID : 29448 - Type : EXPLOIT-KIT - Revision : 2
2014-02-21 Styx exploit kit jar outbound connection
RuleID : 29446 - Type : EXPLOIT-KIT - Revision : 9
2014-02-21 Styx exploit kit fonts download page
RuleID : 29445 - Type : EXPLOIT-KIT - Revision : 2
2014-01-11 Neutrino exploit kit initial outbound request - generic detection
RuleID : 28911 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Styx exploit kit landing page request
RuleID : 28478 - Type : EXPLOIT-KIT - Revision : 4
2014-01-10 Styx exploit kit outbound pdf request
RuleID : 28477 - Type : EXPLOIT-KIT - Revision : 5
2014-01-10 Neutrino exploit kit outbound request by Java - generic detection
RuleID : 28476 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Neutrino exploit kit outbound request - generic detection
RuleID : 28475 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Neutrino exploit kit outbound plugin detection response - generic detection
RuleID : 28474 - Type : EXPLOIT-KIT - Revision : 6

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0012_remote.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-1256-1.nasl - Type: ACT_GATHER_INFO
2014-06-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201406-32.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-622.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-426.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-410.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-402.nasl - Type: ACT_GATHER_INFO
2014-05-12 Name: The remote server is affected by multiple vulnerabilities.
File: domino_9_0_1_fp1.nasl - Type: ACT_GATHER_INFO
2014-05-12 Name: The remote host has software installed that is affected by multiple vulnerabi...
File: lotus_domino_9_0_1_fp1.nasl - Type: ACT_GATHER_INFO
2014-05-12 Name: The remote host has software installed that is affected by multiple vulnerabi...
File: lotus_notes_9_0_1_fp1.nasl - Type: ACT_GATHER_INFO
2014-01-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2014-0097.nasl - Type: ACT_GATHER_INFO
2014-01-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201401-30.nasl - Type: ACT_GATHER_INFO
2014-01-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2014-0027.nasl - Type: ACT_GATHER_INFO
2014-01-08 Name: The remote server is affected by multiple vulnerabilities.
File: domino_9_0_1.nasl - Type: ACT_GATHER_INFO
2014-01-08 Name: The remote host has software installed that is affected by multiple vulnerabi...
File: lotus_domino_9_0_1.nasl - Type: ACT_GATHER_INFO
2013-11-21 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_java-1_7_0-ibm-131119.nasl - Type: ACT_GATHER_INFO
2013-11-20 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-267.nasl - Type: ACT_GATHER_INFO
2013-11-19 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_java-1_6_0-ibm-131114.nasl - Type: ACT_GATHER_INFO
2013-11-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2013-235.nasl - Type: ACT_GATHER_INFO
2013-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1507.nasl - Type: ACT_GATHER_INFO
2013-11-04 Name: The remote host has software installed that is affected by multiple vulnerabi...
File: lotus_notes_8_5_3_fp5.nasl - Type: ACT_GATHER_INFO
2013-11-04 Name: The remote host has software installed that is affected by multiple vulnerabi...
File: lotus_domino_8_5_3_fp5.nasl - Type: ACT_GATHER_INFO
2013-11-04 Name: The remote server is affected by multiple vulnerabilities.
File: domino_8_5_3fp5.nasl - Type: ACT_GATHER_INFO
2013-10-24 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2013-1451.nasl - Type: ACT_GATHER_INFO
2013-10-24 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20131022_java_1_7_0_openjdk_on_SL6_x.nasl - Type: ACT_GATHER_INFO