CVE-2012-1541

HIGH

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.

References

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136570436423916&w=2

http://marc.info/?l=bugtraq&m=136733161405818&w=2

http://rhn.redhat.com/errata/RHSA-2013-0236.html

http://rhn.redhat.com/errata/RHSA-2013-0237.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://www.kb.cert.org/vuls/id/858729

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

http://www.securityfocus.com/bid/57697

http://www.us-cert.gov/cas/techalerts/TA13-032A.html

http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1018

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16384

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19070

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19499

Details

Source: MITRE

Published: 2013-02-02

Updated: 2017-09-19

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_35:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_37:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_38:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
78976RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)NessusRed Hat Local Security Checks
critical
78975RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)NessusRed Hat Local Security Checks
critical
72139GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)NessusGentoo Local Security Checks
critical
71861IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)NessusWindows
critical
71859IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)NessusMisc.
critical
70744IBM Notes 8.5.x < 8.5.3 FP5 Multiple VulnerabilitiesNessusWindows
critical
70743IBM Domino 8.5.x < 8.5.3 FP5 Multiple VulnerabilitiesNessusWindows
critical
70742IBM Domino 8.5.x < 8.5.3 FP 5 Multiple VulnerabilitiesNessusMisc.
critical
65597SuSE 11.2 Security Update : Java (SAT Patch Number 7481)NessusSuSE Local Security Checks
critical
65570SuSE 10 Security Update : Java (ZYPP Patch Number 8495)NessusSuSE Local Security Checks
critical
65246SuSE 11.2 Security Update : Java (SAT Patch Number 7454)NessusSuSE Local Security Checks
critical
65204RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0626)NessusRed Hat Local Security Checks
critical
65203RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0625)NessusRed Hat Local Security Checks
critical
64850Oracle Java SE Multiple Vulnerabilities (February 2013 CPU) (Unix)NessusMisc.
critical
64639Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1724-1)NessusUbuntu Local Security Checks
critical
64605Scientific Linux Security Update : jdk-1.6.0 on SL 5.0 - 5.8 (i386 x86_64) (20130205)NessusScientific Linux Local Security Checks
critical
64468RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0237)NessusRed Hat Local Security Checks
critical
64467RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0236)NessusRed Hat Local Security Checks
critical
64454Oracle Java SE Multiple Vulnerabilities (February 2013 CPU)NessusWindows
critical
6685Oracle Java SE 7 <= Update 11 Multiple Vulnerabilities (February 2013 CPU)Nessus Network MonitorWeb Clients
critical