Alpine: openjdk6: security update to 1.6.0-r5

medium Tenable Cloud Security Plugin ID 435811

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17
and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013
CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the
Java sandbox using "method handle intrinsic frames." (CVE-2013-2431)

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and
earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote
attackers to affect confidentiality via unknown vectors related to Libraries. (CVE-2012-3216)

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and
earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via
unknown vectors related to Hotspot. (CVE-2012-4416)

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and
earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries. (CVE-2012-5068)

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and
earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect
confidentiality and integrity via unknown vectors related to Concurrency. (CVE-2012-5069)

Plugin Details

Severity: Medium

ID: 435811

Version: Revision 1.4

Type: Local

Family: Alpine Linux Local Security Checks

Published: 10/28/2025

Updated: 11/4/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-2431

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2012-5081

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/26/2013

Vulnerability Publication Date: 9/11/2012

Exploitable With

Core Impact

Metasploit (Java CMM Remote Code Execution)

Reference Information

CVE: CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5081, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089, CVE-2013-0169, CVE-2013-0401, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0450, CVE-2013-0809, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1486, CVE-2013-1488, CVE-2013-1493, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431

BID: 55501, 56039, 56058, 56059, 56061, 56063, 56065, 56067, 56071, 56075, 56076, 56080, 56081, 56083, 57686, 57687, 57691, 57692, 57694, 57696, 57702, 57703, 57709, 57710, 57711, 57712, 57713, 57715, 57719, 57724, 57727, 57729, 57730, 57778, 58029, 58238, 58296, 58504, 58507, 59131, 59141, 59153, 59159, 59165, 59166, 59167, 59170, 59179, 59184, 59187, 59190, 59194, 59206, 59212, 59228, 59243

Detections

Analytics