Oracle Java SE Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service
|
SecurityTracker Alert ID: 1026687
|
SecurityTracker URL: http://securitytracker.com/id/1026687
|
CVE Reference:
CVE-2011-3563, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0508
|
Updated: Apr 4 2012
|
Original Entry Date: Feb 14 2012
|
Impact:
Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.4.2_35 and prior; 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior
|
Description:
Multiple vulnerabilities were reported in Oracle Java SE. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to execute arbitrary code on the target system or cause complete denial of service conditions. The Java 2D [CVE-2012-0497, CVE-2012-0498, CVE-2012-0499], deploy [CVE-2012-0500], and install [CVE-2012-0504] components are affected.
JavaFX is also affected [CVE-2012-0508].
A remote user can partially access and modify data and partially deny service on the target system. The I18n [CVE-2012-0503] and serialization [CVE-2012-0505] components are affected.
A remote user can partially access data and partially deny service on the target system. The AWT [CVE-2012-0502] and sound [CVE-2011-3563] components are affected.
A remote user can cause partial denial of service conditions on the target system. The JRE component is affected [CVE-2012-0501].
A remote user can partially modify data on the target system. The CORBA component is affected [CVE-2012-0506].
A remote user can partially access and modify data and partially deny service on the target system. The Concurrency component is affected [CVE-2012-0507].
The following researchers reported these vulnerabilities:
Alin Rad Pop (binaryproof) via TippingPoint's Zero Day Initiative; an Anonymous Reporter via iDefense; an Anonymous Reporter of TippingPoint's Zero Day Initiative; TELUS Security Labs; Chris Ries via TippingPoint; Doug Lea of OSWEGO State University of New York; Jeroen Frijters; Peter Vreugdenhil of TippingPoint DVLabs; and Timo Warns of PRESENSE Technologies.
|
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions.
|
Solution:
The vendor has issued a fix.
The vendor's advisory is available at:
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
|
Vendor URL: www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
|
Cause:
Not specified
|
Underlying OS:
Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
|
Source Message Contents
|
Date: Tue, 14 Feb 2012 22:18:44 +0000
Subject: Java
|
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
CVE-2011-3563
CVE-2011-3571
CVE-2011-5035
CVE-2012-0497
CVE-2012-0498
CVE-2012-0499
CVE-2012-0500
CVE-2012-0501
CVE-2012-0502
CVE-2012-0503
CVE-2012-0504
CVE-2012-0505
CVE-2012-0506
CVE-2012-0508