SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java SE Vendors:   Sun
(HP Issues Fix for HP-UX) Oracle Java Runtime Environment (JRE) Bugs Let Remote Users Gain Full Control of the Target System
SecurityTracker Alert ID:  1027892
SecurityTracker URL:  http://securitytracker.com/id/1027892
CVE Reference:   CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5078, CVE-2012-5079, CVE-2012-5080, CVE-2012-5081, CVE-2012-5082, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089   (Links to External Site)
Date:  Dec 17 2012
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.4.2_38 and prior, 5.0 Update 36 and prior, 6 Update 35, 7 Update 7 and prior
Description:   Multiple vulnerabilities were reported in Oracle Java Runtime Environment (JRE). A remote user can take full control of the target system. A remote user can access and modify data and cause partial denial of service conditions on the target system.

A remote user can create specially crafted content that, when loaded by the target user, will take full control of the target system [CVE-2012-5083, CVE-2012-1531, CVE-2012-5086, CVE-2012-5087, CVE-2012-1533, CVE-2012-1532, CVE-2012-5076, CVE-2012-3143, CVE-2012-5088, CVE-2012-5078, CVE-2012-5089, CVE-2012-5084, CVE-2012-5080].

A remote user can partially access and modify data and cause partial denial of service conditions on the target system [CVE-2012-3159, CVE-2012-5068].

A remote user can partially access and modify data on the target system [CVE-2012-4416, CVE-2012-5074, CVE-2012-5071, CVE-2012-5069].

A remote user can partially access data on the target system [CVE-2012-5067, CVE-2012-5070, CVE-2012-5075, CVE-2012-5072, CVE-2012-3216, CVE-2012-5077].

A remote user can partially modify data on the target system [CVE-2012-5073, CVE-2012-5079].

A remote user can cause partial denial of service conditions on the target system [CVE-2012-5081, CVE-2012-5082].

An unspecified flaw exists in Gopher [CVE-2012-5085].

The following researchers reported these and other Oracle vulnerabilities:

Adam Gowdiak of Security Explorations; an Anonymous Reporter via iDefense; Chris Ries via iDefense; Christopher Meyer of Ruhr-University Bochum; Eugen Weiss of Ruhr-University Bochum; Juraj Somorovsky of Ruhr-University Bochum; and RH0 via iDefense.

Impact:   A remote user can take full control of the target system.

A remote user can access and modify data on the target system.

A remote user can cause partial denial of service conditions on the target system.

Solution:   HP has issued a fix for HP-UX.

The HP advisory is available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03595351

Vendor URL:  www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html (Links to External Site)
Cause:   Not specified
Underlying OS:  UNIX (HP/UX)
Underlying OS Comments:  11.11, 11.23, and 11.31

Message History:   This archive entry is a follow-up to the message listed below.
Oct 17 2012 Oracle Java Runtime Environment (JRE) Bugs Let Remote Users Gain Full Control of the Target System



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC