oval:org.mitre.oval:def:19615

Definition Id: oval:org.mitre.oval:def:19615

Oval ID:	oval:org.mitre.oval:def:19615
Title:	HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
Description:	Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-4681	Version:	10
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70 version is less than 1.7.0.03.00 AND Jdk70.JDK70-COM version is less than 1.7.0.03.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.03.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.03.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.03.00 AND Jre70.JRE70 version is less than 1.7.0.03.00 AND Jre70.JRE70-COM version is less than 1.7.0.03.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.03.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.03.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.03.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.03.00

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0236s

Facebook rss twitter linkedin mail