This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Oracle First view 2012-02-15
Product Jdk Last view 2017-12-29
Version 1.7.0 Type Application
Update update25_b33  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:oracle:jdk

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.3 2017-12-29 CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

2.6 2013-10-16 CVE-2013-5854

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.

7.6 2013-10-16 CVE-2013-5852

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832.

5 2013-10-16 CVE-2013-5851

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.

9.3 2013-10-16 CVE-2013-5850

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.

4.3 2013-10-16 CVE-2013-5849

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.

5 2013-10-16 CVE-2013-5848

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

9.3 2013-10-16 CVE-2013-5846

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

9.3 2013-10-16 CVE-2013-5844

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

10 2013-10-16 CVE-2013-5843

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10 2013-10-16 CVE-2013-5842

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.

5 2013-10-16 CVE-2013-5840

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

9.3 2013-10-16 CVE-2013-5838

Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

9.3 2013-10-16 CVE-2013-5832

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852.

5 2013-10-16 CVE-2013-5831

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819.

10 2013-10-16 CVE-2013-5830

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

10 2013-10-16 CVE-2013-5829

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809.

5 2013-10-16 CVE-2013-5825

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.

10 2013-10-16 CVE-2013-5824

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5832, and CVE-2013-5852.

5 2013-10-16 CVE-2013-5823

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.

5 2013-10-16 CVE-2013-5820

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.

5 2013-10-16 CVE-2013-5819

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831.

5 2013-10-16 CVE-2013-5818

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831.

10 2013-10-16 CVE-2013-5817

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.

10 2013-10-16 CVE-2013-5814

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-310 Cryptographic Issues
33% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

SAINT Exploits

Description Link
Java JAX-WS gmbal package sandbox breach More info here
Java JAX-WS statistics.impl package sandbox breach More info here
Oracle Java java.awt.image.ByteComponentRaster Overflow More info here
Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion More info here
Oracle Java Runtime Environment AWT storeImageArray Vulnerability More info here
Java Runtime Environment Hotspot final field vulnerability More info here
Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow More info here
Java Runtime Environment Color Management memory overwrite More info here
Oracle Java findMethod findClass Security Bypass More info here
Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability More info here

ExploitDB Exploits

id Description
28050 Oracle Java lookUpByteBI - Heap Buffer Overflow
27705 Java storeImageArray() Invalid Array Indexing Vulnerability
26529 Java Applet ProviderSkeleton Insecure Invoke Method
24966 Java Web Start Launcher ActiveX Control - Memory Corruption
24904 Java CMM Remote Code Execution
24309 Java Applet AverageRangeStatisticImpl Remote Code Execution
24308 Java Applet Method Handle Remote Code Execution
22657 Java Applet JAX-WS Remote Code Execution
19717 Java Applet Field Bytecode Verifier Cache Remote Code Execution

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_1424_1.nasl
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1423-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_1423_1.nasl
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_1175_1.nasl
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_0828_1.nasl
2012-12-04 Name : Oracle Java SE 'MurmurHash' Algorithm Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_murmurhash_dos_vuln_win.nasl
2012-11-02 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2012_169.nasl
2012-10-29 Name : Ubuntu Update for openjdk-7 USN-1619-1
File : nvt/gb_ubuntu_USN_1619_1.nasl
2012-10-19 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1384-01
File : nvt/gb_RHSA-2012_1384-01_java-1.6.0-openjdk.nasl
2012-10-19 Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Oct (Windows)
File : nvt/gb_oracle_java_se_mult_vuln01_oct12_win.nasl
2012-10-19 Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows)
File : nvt/gb_oracle_java_se_mult_vuln02_oct12_win.nasl
2012-10-19 Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 oct12 (Windows)
File : nvt/gb_oracle_java_se_mult_vuln03_oct12_win.nasl
2012-10-19 Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 oct12 (Windows)
File : nvt/gb_oracle_java_se_mult_vuln04_oct12_win.nasl
2012-10-19 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351
File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl
2012-10-19 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16346
File : nvt/gb_fedora_2012_16346_java-1.7.0-openjdk_fc17.nasl
2012-10-19 Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01
File : nvt/gb_RHSA-2012_1386-01_java-1.7.0-openjdk.nasl
2012-10-19 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01
File : nvt/gb_RHSA-2012_1385-01_java-1.6.0-openjdk.nasl
2012-10-19 Name : CentOS Update for java CESA-2012:1386 centos6
File : nvt/gb_CESA-2012_1386_java_centos6.nasl
2012-10-19 Name : CentOS Update for java CESA-2012:1385 centos5
File : nvt/gb_CESA-2012_1385_java_centos5.nasl
2012-10-19 Name : CentOS Update for java CESA-2012:1384 centos6
File : nvt/gb_CESA-2012_1384_java_centos6.nasl
2012-10-09 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:150-1 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2012_150_1.nasl
2012-09-21 Name : Java for Mac OS X 10.6 Update 10
File : nvt/gb_macosx_java_10_6_upd_10.nasl
2012-09-06 Name : Ubuntu Update for icedtea-web USN-1505-2
File : nvt/gb_ubuntu_USN_1505_2.nasl
2012-09-04 Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1223-01
File : nvt/gb_RHSA-2012_1223-01_java-1.7.0-openjdk.nasl
2012-09-04 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01
File : nvt/gb_RHSA-2012_1222-01_java-1.6.0-openjdk.nasl
2012-09-04 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01
File : nvt/gb_RHSA-2012_1221-01_java-1.6.0-openjdk.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-B-0019 Multiple Vulnerabilities in Apache Tomcat
Severity: Category I - VMSKEY: V0044527
2013-A-0191 Multiple Vulnerabilities in Java for Mac OS X
Severity: Category I - VMSKEY: V0040779
2013-A-0200 Multiple Vulnerabilities in Oracle Java
Severity: Category I - VMSKEY: V0040783
2012-A-0153 Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0033884
2012-A-0146 Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity: Category I - VMSKEY: V0033792
2012-A-0147 Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity: Category I - VMSKEY: V0033793
2012-A-0148 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0033794

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-05-21 Oracle Java privileged protection domain exploitation attempt
RuleID : 49846 - Type : FILE-JAVA - Revision : 1
2019-05-21 Oracle Java privileged protection domain exploitation attempt
RuleID : 49845 - Type : FILE-JAVA - Revision : 1
2019-03-26 Oracle Java ImagingLib buffer overflow attempt
RuleID : 49256 - Type : FILE-JAVA - Revision : 1
2019-03-26 Oracle Java ImagingLib buffer overflow attempt
RuleID : 49255 - Type : FILE-JAVA - Revision : 2
2019-03-12 Oracle Java JPEGImageWriter memory corruption attempt
RuleID : 49117 - Type : FILE-JAVA - Revision : 1
2019-03-12 Oracle Java JPEGImageWriter memory corruption attempt
RuleID : 49116 - Type : FILE-JAVA - Revision : 1
2018-04-05 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45830 - Type : SERVER-OTHER - Revision : 1
2018-01-17 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45201 - Type : SERVER-OTHER - Revision : 2
2018-01-17 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45200 - Type : SERVER-OTHER - Revision : 2
2018-01-17 limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt
RuleID : 45199 - Type : SERVER-OTHER - Revision : 2
2016-07-28 Oracle Java RangeStatisticImpl sandbox breach attempt
RuleID : 39355 - Type : FILE-JAVA - Revision : 1
2016-07-28 Oracle Java RangeStatisticImpl sandbox breach attempt
RuleID : 39354 - Type : FILE-JAVA - Revision : 1
2016-04-26 Oracle Java Class Loader namespace sandbox bypass attempt
RuleID : 38339 - Type : FILE-JAVA - Revision : 2
2016-04-26 Oracle Java Class Loader namespace sandbox bypass attempt
RuleID : 38338 - Type : FILE-JAVA - Revision : 2
2016-03-24 Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt
RuleID : 37821 - Type : FILE-JAVA - Revision : 1
2016-03-24 Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt
RuleID : 37820 - Type : FILE-JAVA - Revision : 1
2016-03-24 Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt
RuleID : 37819 - Type : FILE-JAVA - Revision : 1
2016-03-24 Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt
RuleID : 37818 - Type : FILE-JAVA - Revision : 1
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37805 - Type : FILE-JAVA - Revision : 3
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37804 - Type : FILE-JAVA - Revision : 4
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37803 - Type : FILE-JAVA - Revision : 2
2016-03-22 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 37802 - Type : FILE-JAVA - Revision : 2
2015-04-30 Nuclear exploit kit obfuscated file download
RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 5
2015-04-30 Nuclear exploit kit landing page detected
RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3
2014-11-16 Oracle Java IntegerInterleavedRaster integer overflow attempt
RuleID : 31541 - Type : FILE-JAVA - Revision : 7

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-06-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL48802597.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0003_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0012_remote.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1489-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1489-2.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1490-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-1256-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-1669-1.nasl - Type: ACT_GATHER_INFO
2015-05-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-219.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3187.nasl - Type: ACT_GATHER_INFO
2015-03-11 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2522-3.nasl - Type: ACT_GATHER_INFO
2015-03-09 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2522-2.nasl - Type: ACT_GATHER_INFO
2015-03-06 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2522-1.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_tomcat_20140522.nasl - Type: ACT_GATHER_INFO
2014-12-22 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10627.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1332.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1793.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0414.nasl - Type: ACT_GATHER_INFO
2014-11-06 Name: The remote host has a version of Java installed that is affected by multiple ...
File: macosx_java_2014-001.nasl - Type: ACT_GATHER_INFO
2014-08-22 Name: The remote host is affected by multiple vulnerabilities.
File: juniper_nsm_jsa10642.nasl - Type: ACT_GATHER_INFO
2014-07-30 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0675.nasl - Type: ACT_GATHER_INFO
2014-07-30 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0685.nasl - Type: ACT_GATHER_INFO
2014-07-24 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2014-0675.nasl - Type: ACT_GATHER_INFO