Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3174

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-3174
Last Modified 20 Feb 2014 11:52:14
Published 14 Jan 2013 05:55:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3174

Summary

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.

Vulnerable Systems

Application

  • Oracle Jdk 1.7.0

  • Oracle Jre 1.7.0


References

CERT-VN - VU#625617

MISC - https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013

CONFIRM - http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html

MISC - http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html

MISC - http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/

MISC - http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/

MISC - http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html

MISC - http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html

UBUNTU - USN-1693-1

REDHAT - RHSA-2013:0156

REDHAT - RHSA-2013:0165

SUSE - openSUSE-SU-2013:0199

MANDRIVA - MDVSA-2013:095

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018

MISC - http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/

Related Patches

Oracle Java JRE 1.7.0_11 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_11 for Mac OS X (Update)

Oracle Java JRE 1.7.0_11 for Windows (Update) (64Bit) (All Languages) (See Notes) (Rev 2)

Red Hat 2013:0165-01 RHSA Important: java-1.7.0-openjdk security update for RHEL 5 x86

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 x86_64


Last Updated: 27 May 2016 10:58:31