Sign-up

ID

VAR-201210-0063


CVE

CVE-2012-3159


TITLE

Oracle Java SE of Java Runtime Environment In Deployment Processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-004958

DESCRIPTION

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533. (DoS) An attack may be carried out. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. This vulnerability affects the following supported versions: 7 Update 7, 6 Update 35. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2012:1392-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1392.html Issue date: 2012-10-18 CVE Names: CVE-2012-0547 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5089 ===================================================================== 1. Summary: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory and Oracle Security Alert pages, listed in the References section. (CVE-2012-0547, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 37. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201) 856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606) 865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398) 865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535) 865354 - CVE-2012-5077 OpenJDK: SecureRandom mulitple seeders information disclosure (Security, 7167656) 865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884) 865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888) 865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522) 865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286) 865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917) 865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194) 865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296) 865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975) 865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103) 865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567) 865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919) 867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D) 867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment) 867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment) 867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX) 867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment) 867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm x86_64: java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0547.html https://www.redhat.com/security/data/cve/CVE-2012-1531.html https://www.redhat.com/security/data/cve/CVE-2012-1532.html https://www.redhat.com/security/data/cve/CVE-2012-1533.html https://www.redhat.com/security/data/cve/CVE-2012-3143.html https://www.redhat.com/security/data/cve/CVE-2012-3159.html https://www.redhat.com/security/data/cve/CVE-2012-3216.html https://www.redhat.com/security/data/cve/CVE-2012-4416.html https://www.redhat.com/security/data/cve/CVE-2012-5068.html https://www.redhat.com/security/data/cve/CVE-2012-5069.html https://www.redhat.com/security/data/cve/CVE-2012-5071.html https://www.redhat.com/security/data/cve/CVE-2012-5072.html https://www.redhat.com/security/data/cve/CVE-2012-5073.html https://www.redhat.com/security/data/cve/CVE-2012-5075.html https://www.redhat.com/security/data/cve/CVE-2012-5077.html https://www.redhat.com/security/data/cve/CVE-2012-5079.html https://www.redhat.com/security/data/cve/CVE-2012-5081.html https://www.redhat.com/security/data/cve/CVE-2012-5083.html https://www.redhat.com/security/data/cve/CVE-2012-5084.html https://www.redhat.com/security/data/cve/CVE-2012-5085.html https://www.redhat.com/security/data/cve/CVE-2012-5086.html https://www.redhat.com/security/data/cve/CVE-2012-5089.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQgDWiXlSAg2UNWIIRAqJaAJ9JgbhUTiBVnoxljsrFIdgNbno3bACgu3Yu 2L/xJjdCuObuBeSubEBbjpo= =p6Cl -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-10-16-1 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later Impact: Multiple vulnerabilities in Java 1.6.0_35 Description: Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5086 CVE-2012-5089 CVE-2012-5979 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 may be obtained from the Software Update pane in System Preferences, Mac App Store, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: 2ca7594a6f7849b502715e8473cf46ef73570da6 For OS X Lion and Mountain Lion systems The download file is named: JavaForOSX.dmg Its SHA-1 digest is: eff777cdc39b4e3336b3477f60e8ad769ded8532 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQfZ+bAAoJEPefwLHPlZEwF+YP/iVGN+CqCkLf7SavQUwyTQ08 a6+I34hefvCQcLCQ4EBYOzDXUJIlcH2azcGnvQsrrgWgpoE6ykqyj4fkpwLM0nF1 CfcSGOV8hmC2ZtR2PgJLcaP4FDKyNoOqLtKY6KtZnUQNcKBYcdM/y3OON9Zc0F2/ m/nQGnm3RfuXYXzSmTwJVKjuR1MkhUfZ9N6cwYUfjQC6cQaRs4tjeezd1jaobeXZ lfk5Mo/kp3KTwAKsjdwqIThGX/UXdHQm9PnGfU9ktNv0429vKTX4VarPjyLsIeiO GcBjfzRKzWYrbzTyKqKRAmtC/TcTnGJ8AfOjCP6HedeelJEbHB3iBb4ugqHzcPGG ffZ9rZy8SMVppJyv3NeJJN86Kl3etdShmhj7maxyQUopDanpZQraaarkNlSYyLql I0z4/IGX6W4Y2HYI+5wRchSewZi9mU9tw1HFZaoINaPBynEC0jihbeT5P9olX7mL 1OrWyPMPeaXtD9VRaSlV1WwPojJp26XrcWFUu6gqCOWRTzL0h83hNJrQJwTW7PrT g6ryifMGItMkmOuINyniuUbz1PcOiQZ5VhtQn8XbvjX4BpGS6GJ4IAJ0rv9nSeON PGv6JcpEAdjEdsChnDTGGTyUzQSN+HU/KTd7Jngg/Bu1v96ZAqrmVzFVkZi+6dtN 8KhhmiZ54RdiudmsUgFu =TWGY -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03595351 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03595351 Version: 1 HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-12-12 Last Updated: 2012-12-12 Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v7.0.03, v6.0.16 and v5.0.26 and earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-1531 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1532 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1533 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3143 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3159 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-3216 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-4416 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-5068 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-5069 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2012-5071 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-5072 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5073 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5075 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5077 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-5079 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2012-5081 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-5083 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5084 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2012-5085 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 0.0 CVE-2012-5086 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5087 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5089 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 NOTE: The following apply to both v7.0.03 and v6.0.16 and earlier: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5089 NOTE: The following apply to v5.0.26 and earlier: CVE-2012-1531, CVE-2012-3143, CVE-2012-3216, CVE-2012-5069, CVE-2012-5071, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5089 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location http://www.hp.com/java HP-UX B.11.23, B.11.31 JDK and JRE v7.0.04 or subsequent HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.17 or subsequent HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v5.0.27 or subsequent MANUAL ACTIONS: Yes - Update For Java v7.0 update to Java v7.0.04 or subsequent For Java v6.0 update to Java v6.0.17 or subsequent For Java v5.0 update to Java v5.0.27 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.04.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.17.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS action: install revision 1.5.0.27.00 or subsequent HP-UX B.11.11 HP-UX B.11.23 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W Jre60.JRE60-COM Jre60.JRE60-COM-DOC Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS action: install revision 1.6.0.17.00 or subsequent HP-UX B.11.11 HP-UX B.11.23 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS action: install revision 1.5.0.27.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 12 December 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-1619-1 October 26, 2012 openjdk-6, openjdk-7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070) Vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2012-5073, CVE-2012-5079) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. This issue only affected Ubuntu 12.10. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088) A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081) Please see the following for more information: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-cacao 7u9-2.3.3-0ubuntu1~12.10.1 icedtea-7-jre-jamvm 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre-headless 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre-lib 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre-zero 7u9-2.3.3-0ubuntu1~12.10.1 Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~12.04.1 icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~12.04.1 Ubuntu 11.10: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.10.1 icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.10.1 Ubuntu 11.04: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.04.1 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~10.04.2 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes

Trust: 2.52

sources: NVD: CVE-2012-3159 // JVNDB: JVNDB-2012-004958 // BID: 56072 // PACKETSTORM: 117478 // PACKETSTORM: 118140 // PACKETSTORM: 117455 // PACKETSTORM: 118835 // PACKETSTORM: 117477 // PACKETSTORM: 117704 // PACKETSTORM: 118142

AFFECTED PRODUCTS

vendor:oraclemodel:jdkscope:eqversion:1.6.0

Trust: 1.6

vendor:sunmodel:jrescope:eqversion:1.6.0

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.6.0

Trust: 1.0

vendor:oraclemodel:jrescope:lteversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jdkscope:lteversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jdkscope:lteversion:1.6.0

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.6.0.200

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.6.0.210

Trust: 1.0

vendor:oraclemodel:jrescope:lteversion:1.6.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.6.0

Trust: 1.0

vendor:sunmodel:jre 17scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 13scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 12scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 10scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 07scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 06scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 05scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 04scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jrescope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jrescope:eqversion:1.7

Trust: 0.9

vendor:sunmodel:jre 1.6.0 21scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 19scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 18scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 15scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 14scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 11scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 03scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 02scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 01scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 17scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 14scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 13scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 11scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 10scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 07scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 06scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 05scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 04scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdkscope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 21scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 20scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 19scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 18scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 15scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 03scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 02scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 7scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 4scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 2scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 35scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 32scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 30scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 28scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 27scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 26scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 25scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 24scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 23scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 22scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdkscope:eqversion:1.7

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 7scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 4scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 2scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 35scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 32scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 30scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 28scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 27scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 26scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 25scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 24scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 23scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 22scope: - version: -

Trust: 0.9

vendor:applemodel:mac os xscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.7 and later

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.8 and later

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.7 and later

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:6 update 35

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:7 update 7

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:6 update 35

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:7 update 7

Trust: 0.8

vendor:sunmodel:jre 1.6.0 20scope: - version: -

Trust: 0.6

vendor:sunmodel:jre 1.6.0 2scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk 1.6.0 01scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk 01-b06scope:eqversion:1.6

Trust: 0.6

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:vmwaremodel:virtualcenterscope:eqversion:2.5

Trust: 0.3

vendor:vmwaremodel:vcenter update managerscope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:vcenter update managerscope:eqversion:5.0

Trust: 0.3

vendor:vmwaremodel:vcenter serverscope:eqversion:5.0

Trust: 0.3

vendor:vmwaremodel:vcenter serverscope:eqversion:4.1

Trust: 0.3

vendor:vmwaremodel:vcenter serverscope:eqversion:4.0

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:12.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:12.10

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:susemodel:linux enterprise software development kit sp2scope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp2scope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise java sp2scope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise java sp4scope:eqversion:10

Trust: 0.3

vendor:sunmodel:jdk 1.6.0 01-b06scope: - version: -

Trust: 0.3

vendor:sunmodel:jdk 01scope:eqversion:1.6

Trust: 0.3

vendor:schneider electricmodel:trio tview softwarescope:eqversion:3.27.0

Trust: 0.3

vendor:redhatmodel:network satellite (for rhelscope:eqversion:6)5.5

Trust: 0.3

vendor:redhatmodel:network satellite (for rhelscope:eqversion:5)5.5

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation supplementaryscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux supplementary serverscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux server supplementaryscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node supplementaryscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop supplementaryscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop supplementary clientscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.1

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11

Trust: 0.3

vendor:ibmmodel:websphere operational decision managementscope:eqversion:8.0.1

Trust: 0.3

vendor:ibmmodel:websphere operational decision managementscope:eqversion:7.5.0.0

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.5.0.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.1.0.3

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:7.0.0.5

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:7.0.0.4

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:7.0.0.3

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:7.0.0.1

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:7.0.0

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:7.0.0.2

Trust: 0.3

vendor:ibmmodel:websphere ilog jrulesscope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:websphere cast iron cloud integrationscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:websphere cast iron cloud integrationscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:tivoli monitoringscope:eqversion:6.2.3

Trust: 0.3

vendor:ibmmodel:tivoli monitoringscope:eqversion:6.2.2

Trust: 0.3

vendor:ibmmodel:tivoli monitoringscope:eqversion:6.2.1

Trust: 0.3

vendor:ibmmodel:tivoli monitoringscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:rational system architectscope:eqversion:11.4.2.1

Trust: 0.3

vendor:ibmmodel:rational synergyscope:eqversion:7.1.0.6

Trust: 0.3

vendor:ibmmodel:rational service testerscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:rational performance testerscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:rational host on-demandscope:eqversion:11.0

Trust: 0.3

vendor:ibmmodel:rational host on-demandscope:eqversion:11.0.6.1

Trust: 0.3

vendor:ibmmodel:rational functional testerscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:rational functional testerscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:openpages grc platformscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.0

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:1.2

Trust: 0.3

vendor:hpmodel:nonstop server j6.0.14.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.16scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.15.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.15scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.14.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.14scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.13.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.13scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.12.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.11.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.11.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.10.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.10.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.10.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.04scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.04scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.07.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.07.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.07.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.05.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.05.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.05.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.04.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.04.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.04.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.27scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.26.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.26scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.25.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.25scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.24.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.24scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.23scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.22.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.22.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.21.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.21.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.21.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.18.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.18.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.18.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.16.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.16.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.16.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.15.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.15.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.15.00scope: - version: -

Trust: 0.3

vendor:hpmodel:jdk and jre for openvms integrity servers 6.0-3.p1scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:vmwaremodel:vcenter server updatescope:neversion:5.11

Trust: 0.3

vendor:vmwaremodel:update manager updatescope:neversion:5.11

Trust: 0.3

vendor:schneider electricmodel:trio tview softwarescope:neversion:3.29.0

Trust: 0.3

vendor:ibmmodel:rational system architectscope:neversion:11.4.2.2

Trust: 0.3

vendor:ibmmodel:rational synergyscope:neversion:7.1.0.7

Trust: 0.3

vendor:ibmmodel:rational service testerscope:neversion:8.3.0.1

Trust: 0.3

vendor:ibmmodel:rational performance testerscope:neversion:8.3.0.1

Trust: 0.3

vendor:ibmmodel:rational host on-demandscope:neversion:11.0.7

Trust: 0.3

vendor:ibmmodel:rational functional testerscope:neversion:8.3.0.1

Trust: 0.3

vendor:ibmmodel:openpages grc platformscope:neversion:6.2.1

Trust: 0.3

vendor:hpmodel:jdk and jre for openvms integrity serversscope:neversion:6.0-4

Trust: 0.3

sources: BID: 56072 // JVNDB: JVNDB-2012-004958 // CNNVD: CNNVD-201210-277 // NVD: CVE-2012-3159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3159
value: HIGH

Trust: 1.0

NVD: CVE-2012-3159
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201210-277
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2012-3159
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2012-004958 // CNNVD: CNNVD-201210-277 // NVD: CVE-2012-3159

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3159

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 118835 // CNNVD: CNNVD-201210-277

TYPE

Unknown

Trust: 0.3

sources: BID: 56072

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004958

PATCH
title:HT5549url:http://support.apple.com/kb/HT5549
Trust: 0.8
title:HT5549url:http://support.apple.com/kb/HT5549?viewlocale=ja_JP
Trust: 0.8
title:HPSBUX02832 SSRT101042url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03595351
Trust: 0.8
title:HPSBOV02833 SSRT101043url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03596813
Trust: 0.8
title:1616490url:http://www-01.ibm.com/support/docview.wss?uid=swg21616490
Trust: 0.8
title:1621154url:http://www-01.ibm.com/support/docview.wss?uid=swg21621154
Trust: 0.8
title:1620037url:http://www-01.ibm.com/support/docview.wss?uid=swg21620037
Trust: 0.8
title:SUSE-SU-2012:1595url:http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html
Trust: 0.8
title:SUSE-SU-2012:1398url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
Trust: 0.8
title:Text Form of Oracle Java SE Critical Patch Update - October 2012 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/javacpuoct2012verbose-1515981.html
Trust: 0.8
title:Oracle Java SE Critical Patch Update Advisory - October 2012url:http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Trust: 0.8
title:RHSA-2013:1455url:https://rhn.redhat.com/errata/RHSA-2013-1455.html
Trust: 0.8
title:RHSA-2013:1456url:https://rhn.redhat.com/errata/RHSA-2013-1456.html
Trust: 0.8
title:RHSA-2012:1466url:http://rhn.redhat.com/errata/RHSA-2012-1466.html
Trust: 0.8
title:RHSA-2012:1391url:http://rhn.redhat.com/errata/RHSA-2012-1391.html
Trust: 0.8
title:RHSA-2012:1467url:http://rhn.redhat.com/errata/RHSA-2012-1467.html
Trust: 0.8
title:RHSA-2012:1392url:http://rhn.redhat.com/errata/RHSA-2012-1392.html
Trust: 0.8
title:October 2012 Critical Patch Update and Critical Patch Update for Java SE Releasedurl:https://blogs.oracle.com/security/entry/october_2012_critical_patch_update
Trust: 0.8
title:XRX13-003url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
Trust: 0.8
title:Oracle Corporation Javaプラグインの脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/oracle/20121017.html
Trust: 0.8
title:Oracle Java SE JRE Fixes for Unknown Security Vulnerabilities in Componentsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192733
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2012-004958 // 
            
            
            
            CNNVD: CNNVD-201210-277

EXTERNAL IDS
db:NVDid:CVE-2012-3159
Trust: 3.4
db:BIDid:56072
Trust: 1.9
db:SECUNIAid:51327
Trust: 1.6
db:SECUNIAid:51390
Trust: 1.6
db:SECUNIAid:51438
Trust: 1.6
db:SECUNIAid:51326
Trust: 1.6
db:JVNDBid:JVNDB-2012-004958
Trust: 0.8
db:CNNVDid:CNNVD-201210-277
Trust: 0.6
db:ICS CERTid:ICSA-17-213-02
Trust: 0.3
db:PACKETSTORMid:117478
Trust: 0.1
db:PACKETSTORMid:118140
Trust: 0.1
db:PACKETSTORMid:117455
Trust: 0.1
db:PACKETSTORMid:118835
Trust: 0.1
db:PACKETSTORMid:117477
Trust: 0.1
db:PACKETSTORMid:117704
Trust: 0.1
db:PACKETSTORMid:118142
Trust: 0.1
sources:
            
            
            BID: 56072 // 
            
            
            
            JVNDB: JVNDB-2012-004958 // 
            
            
            
            PACKETSTORM: 117478 // 
            
            
            
            PACKETSTORM: 118140 // 
            
            
            
            PACKETSTORM: 117455 // 
            
            
            
            PACKETSTORM: 118835 // 
            
            
            
            PACKETSTORM: 117477 // 
            
            
            
            PACKETSTORM: 117704 // 
            
            
            
            PACKETSTORM: 118142 // 
            
            
            
            CNNVD: CNNVD-201210-277 // 
            
            
            
            NVD: CVE-2012-3159

REFERENCES
url:http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Trust: 2.2
url:http://www-01.ibm.com/support/docview.wss?uid=swg21620575
Trust: 1.9
url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf
Trust: 1.9
url:http://www-01.ibm.com/support/docview.wss?uid=swg21620037
Trust: 1.9
url:http://www-01.ibm.com/support/docview.wss?uid=swg21616490
Trust: 1.9
url:http://rhn.redhat.com/errata/rhsa-2012-1392.html
Trust: 1.7
url:http://rhn.redhat.com/errata/rhsa-2012-1466.html
Trust: 1.7
url:http://rhn.redhat.com/errata/rhsa-2012-1391.html
Trust: 1.7
url:http://rhn.redhat.com/errata/rhsa-2012-1467.html
Trust: 1.7
url:http://rhn.redhat.com/errata/rhsa-2013-1456.html
Trust: 1.6
url:http://secunia.com/advisories/51438
Trust: 1.6
url:http://secunia.com/advisories/51326
Trust: 1.6
url:http://secunia.com/advisories/51327
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=135542848327757&w=2
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=135758563611658&w=2
Trust: 1.6
url:http://rhn.redhat.com/errata/rhsa-2013-1455.html
Trust: 1.6
url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
Trust: 1.6
url:http://secunia.com/advisories/51390
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/79424
Trust: 1.6
url:http://www-01.ibm.com/support/docview.wss?uid=swg21621154
Trust: 1.6
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16615
Trust: 1.6
url:http://www.securityfocus.com/bid/56072
Trust: 1.6
url:http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3159
Trust: 0.8
url:http://www.ipa.go.jp/security/ciadr/vul/20121017-jre.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3159
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2012-1533
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-5075
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-1531
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-5071
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-5081
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-5072
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-3216
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-1532
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-3143
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-3159
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-5069
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-5084
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-5073
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-5083
Trust: 0.7
url:https://nvd.nist.gov/vuln/detail/cve-2012-5077
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2012-5089
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2012-5086
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2012-5068
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2012-4416
Trust: 0.5
url:https://nvd.nist.gov/vuln/detail/cve-2012-5079
Trust: 0.5
url:https://www.redhat.com/security/data/cve/cve-2012-3143.html
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5072.html
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5073.html
Trust: 0.4
url:https://access.redhat.com/security/updates/classification/#critical
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5089.html
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-1531.html
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5079.html
Trust: 0.4
url:https://nvd.nist.gov/vuln/detail/cve-2012-5085
Trust: 0.4
url:https://access.redhat.com/security/team/contact/
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5081.html
Trust: 0.4
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5071.html
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-1532.html
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-3159.html
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-3216.html
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5069.html
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5075.html
Trust: 0.4
url:https://access.redhat.com/knowledge/articles/11258
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5084.html
Trust: 0.4
url:https://access.redhat.com/security/team/key/#package
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-5083.html
Trust: 0.4
url:http://bugzilla.redhat.com/):
Trust: 0.4
url:https://www.redhat.com/security/data/cve/cve-2012-1533.html
Trust: 0.4
url:http://support.apple.com/kb/ht5549
Trust: 0.3
url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us
Trust: 0.3
url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_java
Trust: 0.3
url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_java1
Trust: 0.3
url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_vulnerabilities_in_rational_functional_tester_versions_8_x_due_to_security_vulnerabilities_in_ibm_jre_7_0_service_release_2_or_e
Trust: 0.3
url:https://ics-cert.us-cert.gov/advisories/icsa-17-213-02
Trust: 0.3
url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03595351
Trust: 0.3
url:http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1&ac.admitted=1378134276525.876444892.492883150
Trust: 0.3
url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03596813
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21621951
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21621771
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21617321
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21617323
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21635864
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21618977
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21625941
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21636462
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21619418
Trust: 0.3
url:http://www.vmware.com/security/advisories/vmsa-2013-0003.html
Trust: 0.3
url:http://www.vmware.com/security/advisories/vmsa-2013-0006.html
Trust: 0.3
url:www-01.ibm.com/support/docview.wss?uid=swg21621958
Trust: 0.3
url:https://www.redhat.com/security/data/cve/cve-2012-5086.html
Trust: 0.3
url:https://www.redhat.com/security/data/cve/cve-2012-5068.html
Trust: 0.3
url:https://www.redhat.com/security/data/cve/cve-2012-5077.html
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2012-5087
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2012-5070
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2012-5076
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2012-5074
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2012-5067
Trust: 0.3
url:https://www.redhat.com/security/data/cve/cve-2012-5085.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-4416.html
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2012-0547
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-0547.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-4820.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-4823.html
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2012-4820
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2012-4823
Trust: 0.2
url:https://www.ibm.com/developerworks/java/jdk/alerts/
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2012-4822
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-4822.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-5067.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-5070.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-5076.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-5074.html
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2012-5088
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-5088.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2012-5087.html
Trust: 0.2
url:http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2012-1682.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-1682
Trust: 0.1
url:http://support.apple.com/kb/ht1222
Trust: 0.1
url:http://www.apple.com/support/downloads/
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:http://www.o
Trust: 0.1
url:http://gpgtools.org
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-5979
Trust: 0.1
url:http://www.hp.com/java
Trust: 0.1
url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/
Trust: 0.1
url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Trust: 0.1
url:https://www.hp.com/go/swa
Trust: 0.1
url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.10.1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~12.04.1
Trust: 0.1
url:http://www.ubuntu.com/usn/usn-1619-1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-7/7u9-2.3.3-0ubuntu1~12.10.1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~10.04.2
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.04.1
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-1718
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2012-4821.html
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2012-1718.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4821
Trust: 0.1
sources:
            
            
            BID: 56072 // 
            
            
            
            JVNDB: JVNDB-2012-004958 // 
            
            
            
            PACKETSTORM: 117478 // 
            
            
            
            PACKETSTORM: 118140 // 
            
            
            
            PACKETSTORM: 117455 // 
            
            
            
            PACKETSTORM: 118835 // 
            
            
            
            PACKETSTORM: 117477 // 
            
            
            
            PACKETSTORM: 117704 // 
            
            
            
            PACKETSTORM: 118142 // 
            
            
            
            CNNVD: CNNVD-201210-277 // 
            
            
            
            NVD: CVE-2012-3159

CREDITS
Red Hat
Trust: 0.4
sources:
            
            
            PACKETSTORM: 117478 // 
            
            
            
            PACKETSTORM: 118140 // 
            
            
            
            PACKETSTORM: 117477 // 
            
            
            
            PACKETSTORM: 118142

SOURCES
db:BIDid:56072
db:JVNDBid:JVNDB-2012-004958
db:PACKETSTORMid:117478
db:PACKETSTORMid:118140
db:PACKETSTORMid:117455
db:PACKETSTORMid:118835
db:PACKETSTORMid:117477
db:PACKETSTORMid:117704
db:PACKETSTORMid:118142
db:CNNVDid:CNNVD-201210-277
db:NVDid:CVE-2012-3159

LAST UPDATE DATE
2024-11-11T23:06:25.676000+00:00

SOURCES UPDATE DATE
db:BIDid:56072date:2017-08-03T11:09:00
db:JVNDBid:JVNDB-2012-004958date:2015-08-11T00:00:00
db:CNNVDid:CNNVD-201210-277date:2022-05-16T00:00:00
db:NVDid:CVE-2012-3159date:2022-05-13T14:52:54.717

SOURCES RELEASE DATE
db:BIDid:56072date:2012-10-16T00:00:00
db:JVNDBid:JVNDB-2012-004958date:2012-10-18T00:00:00
db:PACKETSTORMid:117478date:2012-10-18T22:02:53
db:PACKETSTORMid:118140date:2012-11-16T07:05:59
db:PACKETSTORMid:117455date:2012-10-16T19:22:22
db:PACKETSTORMid:118835date:2012-12-14T02:38:55
db:PACKETSTORMid:117477date:2012-10-18T22:02:02
db:PACKETSTORMid:117704date:2012-10-26T22:43:35
db:PACKETSTORMid:118142date:2012-11-16T07:06:23
db:CNNVDid:CNNVD-201210-277date:2012-10-18T00:00:00
db:NVDid:CVE-2012-3159date:2012-10-16T21:55:01.447