Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 2012-02-15 |
| Product | Jdk | Last view | 2017-12-29 |
| Version | 1.7.0 | Type | Application |
| Update | update60 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:oracle:jdk | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.3 | 2017-12-29 | CVE-2013-4578 | jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. |
| 2.6 | 2014-10-15 | CVE-2014-6558 | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. |
| 4.3 | 2014-10-15 | CVE-2014-6531 | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
| 5 | 2014-10-15 | CVE-2014-6519 | Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. |
| 5 | 2014-10-15 | CVE-2014-6517 | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. |
| 10 | 2014-10-15 | CVE-2014-6513 | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. |
| 4.3 | 2014-10-15 | CVE-2014-6512 | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. |
| 6.8 | 2014-10-15 | CVE-2014-6506 | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
| 5 | 2014-10-15 | CVE-2014-6504 | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. |
| 2.6 | 2014-10-15 | CVE-2014-6502 | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. |
| 4 | 2014-10-15 | CVE-2014-6457 | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. |
| 5 | 2014-07-17 | CVE-2014-4268 | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. |
| 5 | 2014-07-17 | CVE-2014-4266 | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. |
| 5 | 2014-07-17 | CVE-2014-4265 | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. |
| 5 | 2014-07-17 | CVE-2014-4264 | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. |
| 4 | 2014-07-17 | CVE-2014-4263 | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." |
| 9.3 | 2014-07-17 | CVE-2014-4262 | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
| 5 | 2014-07-17 | CVE-2014-4252 | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. |
| 4 | 2014-07-17 | CVE-2014-4244 | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. |
| 10 | 2014-07-17 | CVE-2014-4227 | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
| 9.3 | 2014-07-17 | CVE-2014-4223 | Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483. |
| 4.3 | 2014-07-17 | CVE-2014-4221 | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
| 5 | 2014-07-17 | CVE-2014-4220 | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208. |
| 9.3 | 2014-07-17 | CVE-2014-4219 | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. |
| 5 | 2014-07-17 | CVE-2014-4218 | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-310 | Cryptographic Issues |
| 33% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 33% (1) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
SAINT Exploits
| Description | Link |
|---|---|
| Java JAX-WS gmbal package sandbox breach | More info here |
| Java JAX-WS statistics.impl package sandbox breach | More info here |
| Oracle Java java.awt.image.ByteComponentRaster Overflow | More info here |
| Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion | More info here |
| Oracle Java Runtime Environment AWT storeImageArray Vulnerability | More info here |
| Java Runtime Environment Hotspot final field vulnerability | More info here |
| Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow | More info here |
| Java Runtime Environment Color Management memory overwrite | More info here |
| Oracle Java findMethod findClass Security Bypass | More info here |
| Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 28050 | Oracle Java lookUpByteBI - Heap Buffer Overflow |
| 27705 | Java storeImageArray() Invalid Array Indexing Vulnerability |
| 26529 | Java Applet ProviderSkeleton Insecure Invoke Method |
| 24966 | Java Web Start Launcher ActiveX Control - Memory Corruption |
| 24904 | Java CMM Remote Code Execution |
| 24309 | Java Applet AverageRangeStatisticImpl Remote Code Execution |
| 24308 | Java Applet Method Handle Remote Code Execution |
| 22657 | Java Applet JAX-WS Remote Code Execution |
| 19717 | Java Applet Field Bytecode Verifier Cache Remote Code Execution |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1424_1.nasl |
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1423-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1423_1.nasl |
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1175_1.nasl |
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_0828_1.nasl |
| 2012-12-04 | Name : Oracle Java SE 'MurmurHash' Algorithm Hash Collision DoS Vulnerability (Windows) File : nvt/gb_oracle_java_se_murmurhash_dos_vuln_win.nasl |
| 2012-11-02 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_169.nasl |
| 2012-10-29 | Name : Ubuntu Update for openjdk-7 USN-1619-1 File : nvt/gb_ubuntu_USN_1619_1.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1384-01 File : nvt/gb_RHSA-2012_1384-01_java-1.6.0-openjdk.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Oct (Windows) File : nvt/gb_oracle_java_se_mult_vuln01_oct12_win.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln02_oct12_win.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln03_oct12_win.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln04_oct12_win.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16346 File : nvt/gb_fedora_2012_16346_java-1.7.0-openjdk_fc17.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01 File : nvt/gb_RHSA-2012_1386-01_java-1.7.0-openjdk.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01 File : nvt/gb_RHSA-2012_1385-01_java-1.6.0-openjdk.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1386 centos6 File : nvt/gb_CESA-2012_1386_java_centos6.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1385 centos5 File : nvt/gb_CESA-2012_1385_java_centos5.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1384 centos6 File : nvt/gb_CESA-2012_1384_java_centos6.nasl |
| 2012-10-09 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:150-1 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_150_1.nasl |
| 2012-09-21 | Name : Java for Mac OS X 10.6 Update 10 File : nvt/gb_macosx_java_10_6_upd_10.nasl |
| 2012-09-06 | Name : Ubuntu Update for icedtea-web USN-1505-2 File : nvt/gb_ubuntu_USN_1505_2.nasl |
| 2012-09-04 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1223-01 File : nvt/gb_RHSA-2012_1223-01_java-1.7.0-openjdk.nasl |
| 2012-09-04 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01 File : nvt/gb_RHSA-2012_1222-01_java-1.6.0-openjdk.nasl |
| 2012-09-04 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01 File : nvt/gb_RHSA-2012_1221-01_java-1.6.0-openjdk.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0007 | Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity: Category I - VMSKEY: V0058213 |
| 2014-A-0105 | Multiple Vulnerabilities in Oracle Java Severity: Category I - VMSKEY: V0053191 |
| 2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat Severity: Category I - VMSKEY: V0044527 |
| 2013-A-0191 | Multiple Vulnerabilities in Java for Mac OS X Severity: Category I - VMSKEY: V0040779 |
| 2013-A-0200 | Multiple Vulnerabilities in Oracle Java Severity: Category I - VMSKEY: V0040783 |
| 2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
| 2012-A-0146 | Multiple Vulnerabilities in VMware vCenter Update Manager 4.1 Severity: Category I - VMSKEY: V0033792 |
| 2012-A-0147 | Multiple Vulnerabilities in VMware vCenter Server 4.1 Severity: Category I - VMSKEY: V0033793 |
| 2012-A-0148 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0033794 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-07-23 | Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50460 - Type : FILE-JAVA - Revision : 1 |
| 2019-07-23 | Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50459 - Type : FILE-JAVA - Revision : 1 |
| 2019-05-21 | Oracle Java privileged protection domain exploitation attempt RuleID : 49846 - Type : FILE-JAVA - Revision : 1 |
| 2019-05-21 | Oracle Java privileged protection domain exploitation attempt RuleID : 49845 - Type : FILE-JAVA - Revision : 1 |
| 2019-03-26 | Oracle Java ImagingLib buffer overflow attempt RuleID : 49256 - Type : FILE-JAVA - Revision : 1 |
| 2019-03-26 | Oracle Java ImagingLib buffer overflow attempt RuleID : 49255 - Type : FILE-JAVA - Revision : 2 |
| 2019-03-12 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 49117 - Type : FILE-JAVA - Revision : 1 |
| 2019-03-12 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 49116 - Type : FILE-JAVA - Revision : 1 |
| 2018-04-05 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45830 - Type : SERVER-OTHER - Revision : 1 |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45201 - Type : SERVER-OTHER - Revision : 2 |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45200 - Type : SERVER-OTHER - Revision : 2 |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45199 - Type : SERVER-OTHER - Revision : 2 |
| 2016-07-28 | Oracle Java RangeStatisticImpl sandbox breach attempt RuleID : 39355 - Type : FILE-JAVA - Revision : 1 |
| 2016-07-28 | Oracle Java RangeStatisticImpl sandbox breach attempt RuleID : 39354 - Type : FILE-JAVA - Revision : 1 |
| 2016-04-26 | Oracle Java Class Loader namespace sandbox bypass attempt RuleID : 38339 - Type : FILE-JAVA - Revision : 2 |
| 2016-04-26 | Oracle Java Class Loader namespace sandbox bypass attempt RuleID : 38338 - Type : FILE-JAVA - Revision : 2 |
| 2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37821 - Type : FILE-JAVA - Revision : 1 |
| 2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37820 - Type : FILE-JAVA - Revision : 1 |
| 2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37819 - Type : FILE-JAVA - Revision : 1 |
| 2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37818 - Type : FILE-JAVA - Revision : 1 |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37805 - Type : FILE-JAVA - Revision : 3 |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37804 - Type : FILE-JAVA - Revision : 4 |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37803 - Type : FILE-JAVA - Revision : 2 |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37802 - Type : FILE-JAVA - Revision : 2 |
| 2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 5 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-06-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL48802597.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0003_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0012_remote.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2012-1489-1.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2012-1489-2.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2012-1490-1.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2013-1256-1.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2013-1669-1.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2014-1422-1.nasl - Type: ACT_GATHER_INFO |
| 2015-05-15 | Name: The remote Debian host is missing a security update. File: debian_DLA-219.nasl - Type: ACT_GATHER_INFO |
| 2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-96.nasl - Type: ACT_GATHER_INFO |
| 2015-03-17 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3187.nasl - Type: ACT_GATHER_INFO |
| 2015-03-17 | Name: The remote application server is affected by multiple vulnerabilities. File: websphere_7_0_0_37.nasl - Type: ACT_GATHER_INFO |
| 2015-03-12 | Name: The remote host has software installed that is affected by multiple vulnerabi... File: ibm_rational_clearquest_8_0_1_6.nasl - Type: ACT_GATHER_INFO |
| 2015-03-11 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2522-3.nasl - Type: ACT_GATHER_INFO |
| 2015-03-09 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2522-2.nasl - Type: ACT_GATHER_INFO |
| 2015-03-06 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2522-1.nasl - Type: ACT_GATHER_INFO |
| 2015-02-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-0264.nasl - Type: ACT_GATHER_INFO |
| 2015-02-16 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201502-12.nasl - Type: ACT_GATHER_INFO |
| 2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_tomcat_20140522.nasl - Type: ACT_GATHER_INFO |
| 2014-12-22 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10627.nasl - Type: ACT_GATHER_INFO |
| 2014-12-22 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10659.nasl - Type: ACT_GATHER_INFO |
| 2014-12-16 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-772.nasl - Type: ACT_GATHER_INFO |
| 2014-12-16 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-773.nasl - Type: ACT_GATHER_INFO |
| 2014-12-12 | Name: The remote host has an update manager installed that is affected by multiple ... File: vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type: ACT_GATHER_INFO |
