National Vulnerability Database (NVD) National Vulnerability Database (CVE-2012-1531)

National Cyber Awareness System

Vulnerability Summary for CVE-2012-1531

Original release date:10/16/2012

Last revised:02/12/2013

Source: US-CERT/NIST

Overview

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html "Applies to client and server deployment of Java. This vulnerability can be exploited through untrusted Java Web Start applications and untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service."

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Type: Advisory; Patch Information

Hyperlink:http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

External Source: BID

Name: 56033

Hyperlink:http://www.securityfocus.com/bid/56033

External Source: CONFIRM

Name: http://www-01.ibm.com/support/docview.wss?uid=swg21621154

Hyperlink:http://www-01.ibm.com/support/docview.wss?uid=swg21621154

External Source: CONFIRM

Name: http://www-01.ibm.com/support/docview.wss?uid=swg21616490

Hyperlink:http://www-01.ibm.com/support/docview.wss?uid=swg21616490

External Source: REDHAT

Name: RHSA-2012:1467

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1467.html

External Source: REDHAT

Name: RHSA-2012:1466

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1466.html

External Source: REDHAT

Name: RHSA-2012:1465

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1465.html

External Source: REDHAT

Name: RHSA-2012:1392

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1392.html

External Source: REDHAT

Name: RHSA-2012:1391

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-1391.html

External Source: HP

Name: HPSBOV02833

Hyperlink:http://marc.info/?l=bugtraq&m=135758563611658&w=2

External Source: HP

Name: SSRT101043

Hyperlink:http://marc.info/?l=bugtraq&m=135758563611658&w=2

External Source: HP

Name: HPSBUX02832

Hyperlink:http://marc.info/?l=bugtraq&m=135542848327757&w=2

External Source: HP

Name: SSRT101042

Hyperlink:http://marc.info/?l=bugtraq&m=135542848327757&w=2

External Source: SUSE

Name: SUSE-SU-2012:1595

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html

External Source: SUSE

Name: SUSE-SU-2012:1489

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html

External Source: SUSE

Name: SUSE-SU-2012:1398

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html

Vulnerable software and versions

Configuration 1

* cpe:/a:oracle:javafx:2.2 and previous versions

* cpe:/a:oracle:javafx:2.1

* cpe:/a:oracle:javafx:2.0.3

* cpe:/a:oracle:javafx:2.0.2

* cpe:/a:oracle:javafx:2.0

* cpe:/a:oracle:javafx:1.3.1

* cpe:/a:oracle:javafx:1.3.0

* cpe:/a:oracle:javafx:1.2.3

* cpe:/a:oracle:javafx:1.2.2

* cpe:/a:oracle:javafx:1.2

Configuration 2

* cpe:/a:oracle:jre:1.7.0:update6

* cpe:/a:oracle:jre:1.7.0:update5

* cpe:/a:oracle:jre:1.7.0:update4

* cpe:/a:oracle:jre:1.7.0

* cpe:/a:oracle:jre:1.7.0:update2

* cpe:/a:oracle:jre:1.7.0:update1

* cpe:/a:oracle:jre:1.7.0:update3

* cpe:/a:oracle:jdk:1.7.0:update7 and previous versions

* cpe:/a:oracle:jre:1.7.0:update7 and previous versions

* cpe:/a:oracle:jdk:1.7.0:update5

* cpe:/a:oracle:jdk:1.7.0:update4

* cpe:/a:oracle:jdk:1.7.0:update6

* cpe:/a:oracle:jdk:1.7.0:update3

* cpe:/a:oracle:jdk:1.7.0

* cpe:/a:oracle:jdk:1.7.0:update2

* cpe:/a:oracle:jdk:1.7.0:update1

Configuration 3

* cpe:/a:oracle:jre:1.6.0:update_31

* cpe:/a:sun:jre:1.6.0:update_21

* cpe:/a:sun:jre:1.6.0:update_20

* cpe:/a:sun:jre:1.6.0:update_19

* cpe:/a:oracle:jre:1.6.0:update_22

* cpe:/a:oracle:jre:1.6.0:update_23

* cpe:/a:oracle:jre:1.6.0:update_24

* cpe:/a:oracle:jre:1.6.0:update_25

* cpe:/a:oracle:jre:1.6.0:update_26

* cpe:/a:oracle:jre:1.6.0:update_27

* cpe:/a:oracle:jre:1.6.0:update_29

* cpe:/a:oracle:jre:1.6.0:update_30

* cpe:/a:sun:jre:1.6.0:update_2

* cpe:/a:sun:jre:1.6.0:update_1

* cpe:/a:sun:jre:1.6.0:update_7

* cpe:/a:sun:jre:1.6.0:update_10

* cpe:/a:sun:jre:1.6.0:update_4

* cpe:/a:sun:jre:1.6.0:update_3

* cpe:/a:sun:jre:1.6.0:update_6

* cpe:/a:sun:jre:1.6.0:update_5

* cpe:/a:sun:jre:1.6.0:update_16

* cpe:/a:sun:jre:1.6.0:update_15

* cpe:/a:sun:jre:1.6.0:update_12

* cpe:/a:sun:jre:1.6.0:update_11

* cpe:/a:sun:jre:1.6.0:update_14

* cpe:/a:sun:jre:1.6.0

* cpe:/a:sun:jre:1.6.0:update_13

* cpe:/a:sun:jre:1.6.0:update_17

* cpe:/a:sun:jre:1.6.0:update_18

* cpe:/a:oracle:jre:1.6.0:update_32

* cpe:/a:oracle:jre:1.6.0:update_33

* cpe:/a:oracle:jre:1.6.0:update_34

* cpe:/a:oracle:jre:1.6.0:update_35 and previous versions

* cpe:/a:oracle:jdk:1.6.0:update_31

* cpe:/a:oracle:jdk:1.6.0:update_30

* cpe:/a:oracle:jdk:1.6.0:update_29

* cpe:/a:oracle:jdk:1.6.0:update_27

* cpe:/a:oracle:jdk:1.6.0:update_26

* cpe:/a:oracle:jdk:1.6.0:update_25

* cpe:/a:oracle:jdk:1.6.0:update_24

* cpe:/a:oracle:jdk:1.6.0:update_23

* cpe:/a:oracle:jdk:1.6.0:update_22

* cpe:/a:sun:jdk:1.6.0.210:update21

* cpe:/a:sun:jdk:1.6.0.200:update20

* cpe:/a:sun:jdk:1.6.0:update_19

* cpe:/a:sun:jdk:1.6.0:update_18

* cpe:/a:sun:jdk:1.6.0:update_17

* cpe:/a:sun:jdk:1.6.0:update_16

* cpe:/a:sun:jdk:1.6.0:update_15

* cpe:/a:sun:jdk:1.6.0:update_14

* cpe:/a:sun:jdk:1.6.0:update_13

* cpe:/a:sun:jdk:1.6.0:update_12

* cpe:/a:sun:jdk:1.6.0:update_11

* cpe:/a:sun:jdk:1.6.0:update_10

* cpe:/a:sun:jdk:1.6.0:update_7

* cpe:/a:sun:jdk:1.6.0:update_6

* cpe:/a:sun:jdk:1.6.0:update_5

* cpe:/a:sun:jdk:1.6.0:update_4

* cpe:/a:sun:jdk:1.6.0:update_3

* cpe:/a:sun:jdk:1.6.0:update2

* cpe:/a:sun:jdk:1.6.0:update1_b06

* cpe:/a:sun:jdk:1.6.0:update1

* cpe:/a:oracle:jdk:1.6.0:update_32

* cpe:/a:oracle:jdk:1.6.0:update_33

* cpe:/a:oracle:jdk:1.6.0:update_34

* cpe:/a:oracle:jdk:1.6.0:update_35 and previous versions

Configuration 4

* cpe:/a:oracle:jre:1.5.0:update_36 and previous versions

* cpe:/a:sun:jre:1.5.0:update33

* cpe:/a:sun:jre:1.5.0:update31

* cpe:/a:sun:jre:1.5.0:update29

* cpe:/a:sun:jre:1.5.0:update28

* cpe:/a:sun:jre:1.5.0:update27

* cpe:/a:sun:jre:1.5.0:update26

* cpe:/a:sun:jre:1.5.0:update25

* cpe:/a:sun:jre:1.5.0:update24

* cpe:/a:sun:jre:1.5.0:update23

* cpe:/a:sun:jre:1.5.0:update22

* cpe:/a:sun:jre:1.5.0:update21

* cpe:/a:sun:jre:1.5.0:update20

* cpe:/a:sun:jre:1.5.0:update19

* cpe:/a:sun:jre:1.5.0:update18

* cpe:/a:sun:jre:1.5.0:update17

* cpe:/a:sun:jre:1.5.0:update16

* cpe:/a:sun:jre:1.5.0:update15

* cpe:/a:sun:jre:1.5.0:update14

* cpe:/a:sun:jre:1.5.0:update13

* cpe:/a:sun:jre:1.5.0:update12

* cpe:/a:sun:jre:1.5.0:update11

* cpe:/a:sun:jre:1.5.0:update10

* cpe:/a:sun:jre:1.5.0:update9

* cpe:/a:sun:jre:1.5.0:update8

* cpe:/a:sun:jre:1.5.0:update7

* cpe:/a:sun:jre:1.5.0:update6

* cpe:/a:sun:jre:1.5.0:update5

* cpe:/a:sun:jre:1.5.0:update4

* cpe:/a:sun:jre:1.5.0:update3

* cpe:/a:sun:jre:1.5.0:update2

* cpe:/a:sun:jre:1.5.0:update1

* cpe:/a:sun:jre:1.5.0

* cpe:/a:oracle:jdk:1.5.0:update_36 and previous versions

* cpe:/a:sun:jdk:1.5.0:update22

* cpe:/a:sun:jdk:1.5.0

* cpe:/a:sun:jdk:1.5.0:update7_b03

* cpe:/a:sun:jdk:1.5.0:update5

* cpe:/a:sun:jdk:1.5.0:update4

* cpe:/a:sun:jdk:1.5.0:update23

* cpe:/a:sun:jdk:1.5.0:update3

* cpe:/a:sun:jdk:1.5.0:update11

* cpe:/a:sun:jdk:1.5.0:update10

* cpe:/a:sun:jdk:1.5.0:update6

* cpe:/a:sun:jdk:1.5.0:update11_b03

* cpe:/a:sun:jdk:1.5.0:update31

* cpe:/a:sun:jdk:1.5.0:update33

* cpe:/a:sun:jdk:1.5.0:update19

* cpe:/a:sun:jdk:1.5.0:update12

* cpe:/a:sun:jdk:1.5.0:update18

* cpe:/a:sun:jdk:1.5.0:update1

* cpe:/a:sun:jdk:1.5.0:update21

* cpe:/a:sun:jdk:1.5.0:update2

* cpe:/a:sun:jdk:1.5.0:update20

* cpe:/a:sun:jdk:1.5.0:update15

* cpe:/a:sun:jdk:1.5.0:update25

* cpe:/a:sun:jdk:1.5.0:update14

* cpe:/a:sun:jdk:1.5.0:update24

* cpe:/a:sun:jdk:1.5.0:update17

* cpe:/a:sun:jdk:1.5.0:update16

* cpe:/a:sun:jdk:1.5.0:update13

* cpe:/a:sun:jdk:1.5.0:update27

* cpe:/a:sun:jdk:1.5.0:update26

* cpe:/a:sun:jdk:1.5.0:update8

* cpe:/a:sun:jdk:1.5.0:update7

* cpe:/a:sun:jdk:1.5.0:update9

* cpe:/a:sun:jdk:1.5.0:update28

* cpe:/a:sun:jdk:1.5.0:update29

Configuration 5

* cpe:/a:sun:jre:1.4.2_1

* cpe:/a:sun:jre:1.4.2_2

* cpe:/a:sun:jre:1.4.2_3

* cpe:/a:sun:jre:1.4.2_4

* cpe:/a:sun:jre:1.4.2_5

* cpe:/a:sun:jre:1.4.2_6

* cpe:/a:sun:jre:1.4.2_7

* cpe:/a:sun:jre:1.4.2_8

* cpe:/a:sun:jre:1.4.2_9

* cpe:/a:sun:jre:1.4.2_10

* cpe:/a:sun:jre:1.4.2_11

* cpe:/a:sun:jre:1.4.2_12

* cpe:/a:sun:jre:1.4.2_13

* cpe:/a:sun:jre:1.4.2_14

* cpe:/a:sun:jre:1.4.2_15

* cpe:/a:sun:jre:1.4.2_16

* cpe:/a:sun:jre:1.4.2_17

* cpe:/a:sun:jre:1.4.2_18

* cpe:/a:sun:jre:1.4.2_19

* cpe:/a:sun:jre:1.4.2_20

* cpe:/a:sun:jre:1.4.2_21

* cpe:/a:sun:jre:1.4.2_22

* cpe:/a:sun:jre:1.4.2_23

* cpe:/a:sun:jre:1.4.2_24

* cpe:/a:sun:jre:1.4.2_25

* cpe:/a:sun:jre:1.4.2_26

* cpe:/a:sun:jre:1.4.2_27

* cpe:/a:sun:jre:1.4.2_28

* cpe:/a:sun:jre:1.4.2_29

* cpe:/a:sun:jre:1.4.2_30

* cpe:/a:sun:jre:1.4.2_31

* cpe:/a:sun:jre:1.4.2_32

* cpe:/a:sun:jre:1.4.2_33

* cpe:/a:sun:jre:1.4.2_34

* cpe:/a:sun:jre:1.4.2_35

* cpe:/a:sun:jre:1.4.2_36

* cpe:/a:oracle:jre:1.4.2_38 and previous versions

* cpe:/a:sun:jre:1.4.2_37

* cpe:/a:sun:jdk:1.4.2

* cpe:/a:sun:jdk:1.4.2_1

* cpe:/a:sun:jdk:1.4.2_2

* cpe:/a:sun:jdk:1.4.2_3

* cpe:/a:sun:jdk:1.4.2_4

* cpe:/a:sun:jdk:1.4.2_5

* cpe:/a:sun:jdk:1.4.2_6

* cpe:/a:sun:jdk:1.4.2_7

* cpe:/a:sun:jdk:1.4.2_8

* cpe:/a:sun:jdk:1.4.2_9

* cpe:/a:sun:jdk:1.4.2_10

* cpe:/a:sun:jdk:1.4.2_11

* cpe:/a:sun:jdk:1.4.2_12

* cpe:/a:sun:jdk:1.4.2_13

* cpe:/a:sun:jdk:1.4.2_14

* cpe:/a:sun:jdk:1.4.2_15

* cpe:/a:sun:jdk:1.4.2_16

* cpe:/a:sun:jdk:1.4.2_17

* cpe:/a:sun:jdk:1.4.2_18

* cpe:/a:sun:jdk:1.4.2_19

* cpe:/a:sun:jdk:1.4.2_22

* cpe:/a:sun:jdk:1.4.2_23

* cpe:/a:sun:jdk:1.4.2_25

* cpe:/a:sun:jdk:1.4.2_26

* cpe:/a:sun:jdk:1.4.2_27

* cpe:/a:sun:jdk:1.4.2_28

* cpe:/a:sun:jdk:1.4.2_29

* cpe:/a:sun:jdk:1.4.2_30

* cpe:/a:sun:jdk:1.4.2_31

* cpe:/a:sun:jdk:1.4.2_32

* cpe:/a:sun:jdk:1.4.2_33

* cpe:/a:sun:jdk:1.4.2_34

* cpe:/a:sun:jdk:1.4.2_35

* cpe:/a:sun:jdk:1.4.2_36

* cpe:/a:sun:jdk:1.4.2_37

* cpe:/a:oracle:jdk:1.4.2_38 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Insufficient Information (NVD-CWE-noinfo)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531