This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Oracle
Product: Jre
Version:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
Type: Application
First view: 2012-06-16
Last view: 2016-02-08

Activity : Overall

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:oracle:jre:1.7.0:update_45:*:*:*:*:*:* 3
cpe:2.3:a:oracle:jre:1.6.0:update_65:*:*:*:*:*:* 3
cpe:2.3:a:oracle:jre:1.6.0:update_111:*:*:*:*:*:* 3
cpe:2.3:a:oracle:jre:1.6.0:update_81:*:*:*:*:*:* 3
cpe:2.3:a:oracle:jre:1.6.0:update_41:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_75:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.4.2_38:*:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_38:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_71:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.4.2_40:*:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_39:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_40:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_65:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_51:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.7.0:update_67:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_39:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_41:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_43:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_51:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_71:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_45:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_45:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_85:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_60:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_10:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_19:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_75:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_61:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.5.0:update_36:*:*:*:*:*:* 2
cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
7.6 2016-02-08 CVE-2016-0603

Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."

7.6 2014-10-15 CVE-2014-6492

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

9.3 2014-01-15 CVE-2014-0408

Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

7.6 2014-01-15 CVE-2014-0387

Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

10 2013-01-31 CVE-2013-1489

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.

5 2012-11-28 CVE-2012-2739

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

2.1 2012-06-16 CVE-2012-1717

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

CWE : Common Weakness Enumeration

% id Name
100% (1) CWE-310 Cryptographic Issues

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:19890 HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an...
oval:org.mitre.oval:def:16508 DEPRECATED: Unspecified vulnerability in the Java Runtime Environment (JRE) c...
oval:org.mitre.oval:def:20947 RHSA-2013:0237: java-1.7.0-oracle security update (Critical)
oval:org.mitre.oval:def:19171 HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an...
oval:org.mitre.oval:def:15906 Unspecified vulnerability in the Java Runtime Environment (JRE) component in ...
oval:org.mitre.oval:def:23784 ELSA-2013:0237: java-1.7.0-oracle security update (Critical)
oval:org.mitre.oval:def:24269 Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when runni...
oval:org.mitre.oval:def:27938 IBM SDK Java Technology Edition vulnerability
oval:org.mitre.oval:def:29011 JRE and JDK Vulnerability on HPUX

OpenVAS Exploits

id Description
2012-12-13 Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk)
File : nvt/gb_suse_2012_0828_1.nasl
2012-12-04 Name : Oracle Java SE Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_hash_collision_dos_vuln_win.nasl
2012-09-06 Name : Ubuntu Update for icedtea-web USN-1505-2
File : nvt/gb_ubuntu_USN_1505_2.nasl
2012-08-30 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9590
File : nvt/gb_fedora_2012_9590_java-1.7.0-openjdk_fc17.nasl
2012-08-10 Name : Debian Security Advisory DSA 2507-1 (openjdk-6)
File : nvt/deb_2507_1.nasl
2012-08-03 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:095 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2012_095.nasl
2012-07-30 Name : CentOS Update for java CESA-2012:0729 centos6
File : nvt/gb_CESA-2012_0729_java_centos6.nasl
2012-07-30 Name : CentOS Update for java CESA-2012:0730 centos5
File : nvt/gb_CESA-2012_0730_java_centos5.nasl
2012-07-30 Name : CentOS Update for java CESA-2012:1009 centos6
File : nvt/gb_CESA-2012_1009_java_centos6.nasl
2012-07-16 Name : Ubuntu Update for openjdk-6 USN-1505-1
File : nvt/gb_ubuntu_USN_1505_1.nasl
2012-06-22 Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1009-01
File : nvt/gb_RHSA-2012_1009-01_java-1.7.0-openjdk.nasl
2012-06-19 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541
File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl
2012-06-19 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545
File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl
2012-06-19 Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593
File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl
2012-06-15 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0729-01
File : nvt/gb_RHSA-2012_0729-01_java-1.6.0-openjdk.nasl
2012-06-15 Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0730-01
File : nvt/gb_RHSA-2012_0730-01_java-1.6.0-openjdk.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0010 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0043398
2012-A-0153 Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity: Category I - VMSKEY: V0033884
2012-A-0146 Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity: Category I - VMSKEY: V0033792

Snort® IPS/IDS

Date Description
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Java v1.6.32 and older
RuleID : 30009 - Type : EXPLOIT-KIT - Revision : 3
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 8...
RuleID : 30008 - Type : EXPLOIT-KIT - Revision : 3
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 7...
RuleID : 30007 - Type : EXPLOIT-KIT - Revision : 3
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 6...
RuleID : 30006 - Type : EXPLOIT-KIT - Revision : 3
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Google Chrome with Java befor...
RuleID : 30005 - Type : EXPLOIT-KIT - Revision : 3
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Java before v1.7.17
RuleID : 30004 - Type : EXPLOIT-KIT - Revision : 3
2018-06-15 Hello/LightsOut exploit kit payload download attempt
RuleID : 30003-community - Type : EXPLOIT-KIT - Revision : 6
2014-04-03 Hello/LightsOut exploit kit payload download attempt
RuleID : 30003 - Type : EXPLOIT-KIT - Revision : 6
2014-04-03 Hello/LightsOut exploit kit Java download attempt
RuleID : 30002 - Type : EXPLOIT-KIT - Revision : 3
2014-04-03 Hello/LightsOut exploit kit landing page detected
RuleID : 30001 - Type : EXPLOIT-KIT - Revision : 3
2014-01-10 Oracle Java Security Slider feature bypass attempt
RuleID : 27766 - Type : BROWSER-PLUGINS - Revision : 2

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-10-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201610-08.nasl - Type: ACT_GATHER_INFO
2016-02-16 Name: The remote Windows host contains a programming platform that is affected by a...
File: oracle_java_installer_CVE-2016-0603.nasl - Type: ACT_GATHER_INFO
2015-02-25 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-0264.nasl - Type: ACT_GATHER_INFO
2015-02-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201502-12.nasl - Type: ACT_GATHER_INFO
2014-12-01 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_java-1_6_0-ibm-141119.nasl - Type: ACT_GATHER_INFO
2014-12-01 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_java-1_7_0-ibm-141121.nasl - Type: ACT_GATHER_INFO
2014-11-28 Name: The remote AIX host has a version of Java SDK installed that is affected by m...
File: aix_java_oct2014_advisory.nasl - Type: ACT_GATHER_INFO
2014-11-21 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-1882.nasl - Type: ACT_GATHER_INFO
2014-11-21 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-1880.nasl - Type: ACT_GATHER_INFO
2014-11-20 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-1876.nasl - Type: ACT_GATHER_INFO
2014-11-20 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-1877.nasl - Type: ACT_GATHER_INFO
2014-11-12 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_java-1_7_0-openjdk-141024.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1332.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-1658.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0414.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0982.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-1657.nasl - Type: ACT_GATHER_INFO
2014-10-15 Name: The remote Windows host contains a programming platform that is affected by m...
File: oracle_java_cpu_oct_2014.nasl - Type: ACT_GATHER_INFO
2014-10-15 Name: The remote Unix host contains a programming platform that is affected by mult...
File: oracle_java_cpu_oct_2014_unix.nasl - Type: ACT_GATHER_INFO
2014-07-30 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0705.nasl - Type: ACT_GATHER_INFO
2014-07-28 Name: The remote AIX host has a version of Java SDK installed that is potentially a...
File: aix_java_jan2014_advisory.nasl - Type: ACT_GATHER_INFO
2014-06-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201406-32.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-368.nasl - Type: ACT_GATHER_INFO