ID

VAR-201210-0343


CVE

CVE-2012-4416


TITLE

Oracle Java SE of Java Runtime Environment In Hotspot Processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-004960

DESCRIPTION

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. Oracle Java Virtual Machine (JVM) is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to disclose sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-10-16-1 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later Impact: Multiple vulnerabilities in Java 1.6.0_35 Description: Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5086 CVE-2012-5089 CVE-2012-5979 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 may be obtained from the Software Update pane in System Preferences, Mac App Store, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: 2ca7594a6f7849b502715e8473cf46ef73570da6 For OS X Lion and Mountain Lion systems The download file is named: JavaForOSX.dmg Its SHA-1 digest is: eff777cdc39b4e3336b3477f60e8ad769ded8532 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQfZ+bAAoJEPefwLHPlZEwF+YP/iVGN+CqCkLf7SavQUwyTQ08 a6+I34hefvCQcLCQ4EBYOzDXUJIlcH2azcGnvQsrrgWgpoE6ykqyj4fkpwLM0nF1 CfcSGOV8hmC2ZtR2PgJLcaP4FDKyNoOqLtKY6KtZnUQNcKBYcdM/y3OON9Zc0F2/ m/nQGnm3RfuXYXzSmTwJVKjuR1MkhUfZ9N6cwYUfjQC6cQaRs4tjeezd1jaobeXZ lfk5Mo/kp3KTwAKsjdwqIThGX/UXdHQm9PnGfU9ktNv0429vKTX4VarPjyLsIeiO GcBjfzRKzWYrbzTyKqKRAmtC/TcTnGJ8AfOjCP6HedeelJEbHB3iBb4ugqHzcPGG ffZ9rZy8SMVppJyv3NeJJN86Kl3etdShmhj7maxyQUopDanpZQraaarkNlSYyLql I0z4/IGX6W4Y2HYI+5wRchSewZi9mU9tw1HFZaoINaPBynEC0jihbeT5P9olX7mL 1OrWyPMPeaXtD9VRaSlV1WwPojJp26XrcWFUu6gqCOWRTzL0h83hNJrQJwTW7PrT g6ryifMGItMkmOuINyniuUbz1PcOiQZ5VhtQn8XbvjX4BpGS6GJ4IAJ0rv9nSeON PGv6JcpEAdjEdsChnDTGGTyUzQSN+HU/KTd7Jngg/Bu1v96ZAqrmVzFVkZi+6dtN 8KhhmiZ54RdiudmsUgFu =TWGY -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2012:1385-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1385.html Issue date: 2012-10-17 CVE Names: CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5089 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416) It was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077) It was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory. (CVE-2012-3216) This update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, "jdk.net.registerGopherProtocol", to true. (CVE-2012-5085) This erratum also upgrades the OpenJDK package to IcedTea6 1.10.10. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606) 865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398) 865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535) 865354 - CVE-2012-5077 OpenJDK: SecureRandom mulitple seeders information disclosure (Security, 7167656) 865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884) 865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888) 865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522) 865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286) 865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917) 865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194) 865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296) 865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975) 865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103) 865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567) 865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-3216.html https://www.redhat.com/security/data/cve/CVE-2012-4416.html https://www.redhat.com/security/data/cve/CVE-2012-5068.html https://www.redhat.com/security/data/cve/CVE-2012-5069.html https://www.redhat.com/security/data/cve/CVE-2012-5071.html https://www.redhat.com/security/data/cve/CVE-2012-5072.html https://www.redhat.com/security/data/cve/CVE-2012-5073.html https://www.redhat.com/security/data/cve/CVE-2012-5075.html https://www.redhat.com/security/data/cve/CVE-2012-5077.html https://www.redhat.com/security/data/cve/CVE-2012-5079.html https://www.redhat.com/security/data/cve/CVE-2012-5081.html https://www.redhat.com/security/data/cve/CVE-2012-5084.html https://www.redhat.com/security/data/cve/CVE-2012-5085.html https://www.redhat.com/security/data/cve/CVE-2012-5086.html https://www.redhat.com/security/data/cve/CVE-2012-5089.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.10/NEWS http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQftoKXlSAg2UNWIIRAlxMAJ4+4H1sLrKcMHwCn+Dlg2sZc4GxwACfVAI/ p/e+cXPH/rQkcx4meVul1Ro= =o5MM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory and Oracle Security Alert pages, listed in the References section. OpenVMS Integrity JDK and JRE 6.0-3.p1 and earlier. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03595351 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03595351 Version: 1 HPSBUX02832 SSRT101042 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. References: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5089 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v7.0.03, v6.0.16 and v5.0.26 and earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2012-1531 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1532 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-1533 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3143 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-3159 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-3216 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-4416 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-5068 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-5069 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2012-5071 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-5072 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5073 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5075 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2012-5077 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-5079 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2012-5081 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-5083 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5084 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2012-5085 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 0.0 CVE-2012-5086 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5087 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-5089 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 NOTE: The following apply to both v7.0.03 and v6.0.16 and earlier: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5089 NOTE: The following apply to v5.0.26 and earlier: CVE-2012-1531, CVE-2012-3143, CVE-2012-3216, CVE-2012-5069, CVE-2012-5071, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5089 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location http://www.hp.com/java HP-UX B.11.23, B.11.31 JDK and JRE v7.0.04 or subsequent HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.17 or subsequent HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v5.0.27 or subsequent MANUAL ACTIONS: Yes - Update For Java v7.0 update to Java v7.0.04 or subsequent For Java v6.0 update to Java v6.0.17 or subsequent For Java v5.0 update to Java v5.0.27 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.04.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.17.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS action: install revision 1.5.0.27.00 or subsequent HP-UX B.11.11 HP-UX B.11.23 =========== Jdk60.JDK60-COM Jdk60.JDK60-DEMO Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W Jre60.JRE60-COM Jre60.JRE60-COM-DOC Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS action: install revision 1.6.0.17.00 or subsequent HP-UX B.11.11 HP-UX B.11.23 =========== Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jre15.JRE15-COM Jre15.JRE15-COM-DOC Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS action: install revision 1.5.0.27.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 12 December 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-1619-1 October 26, 2012 openjdk-6, openjdk-7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070) Vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2012-5073, CVE-2012-5079) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. This issue only affected Ubuntu 12.10. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088) A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081) Please see the following for more information: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-cacao 7u9-2.3.3-0ubuntu1~12.10.1 icedtea-7-jre-jamvm 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre-headless 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre-lib 7u9-2.3.3-0ubuntu1~12.10.1 openjdk-7-jre-zero 7u9-2.3.3-0ubuntu1~12.10.1 Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~12.04.1 icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~12.04.1 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~12.04.1 Ubuntu 11.10: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.10.1 icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.10.1 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.10.1 Ubuntu 11.04: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.04.1 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~10.04.2 This update uses a new upstream release, which includes additional bug fixes

Trust: 2.52

sources: NVD: CVE-2012-4416 // JVNDB: JVNDB-2012-004960 // BID: 55501 // VULMON: CVE-2012-4416 // PACKETSTORM: 117455 // PACKETSTORM: 117454 // PACKETSTORM: 117478 // PACKETSTORM: 119308 // PACKETSTORM: 118835 // PACKETSTORM: 117704

AFFECTED PRODUCTS

vendor:oraclemodel:jdkscope:eqversion:1.6.0

Trust: 1.6

vendor:sunmodel:jrescope:eqversion:1.6.0

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.6.0

Trust: 1.0

vendor:oraclemodel:jrescope:lteversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jdkscope:lteversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jdkscope:lteversion:1.6.0

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.6.0.200

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.6.0.210

Trust: 1.0

vendor:oraclemodel:jrescope:lteversion:1.6.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.6.0

Trust: 1.0

vendor:sunmodel:jre 17scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 13scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 12scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 10scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 07scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 06scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 05scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 04scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jrescope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jrescope:eqversion:1.7

Trust: 0.9

vendor:sunmodel:jre 1.6.0 21scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 19scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 18scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 15scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 14scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 11scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 03scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 02scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 01scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 17scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 14scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 13scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 11scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 10scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 07scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 06scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 05scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 04scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdkscope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 21scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 20scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 19scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 18scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 15scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 03scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 02scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 7scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 4scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 2scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 35scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 32scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 30scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 28scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 27scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 26scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 25scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 24scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 23scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 22scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdkscope:eqversion:1.7

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 7scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 4scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 2scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 35scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 32scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 30scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 28scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 27scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 26scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 25scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 24scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 23scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 22scope: - version: -

Trust: 0.9

vendor:applemodel:mac os xscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.7 and later

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.8 and later

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.7 and later

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:6 update 35

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:7 update 7

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:6 update 35

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:7 update 7

Trust: 0.8

vendor:hitachimodel:cosminexus application server enterprisescope:eqversion:version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application server standardscope:eqversion:version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application server version 5scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus clientscope:eqversion:version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developer light version 6scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus developer professional version 6scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus developer standard version 6scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus developer version 5scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus developer's kit for javascope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:hitachimodel:cosminexus server - standard edition version 4scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus server - web edition version 4scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:- standard edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:- web edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:hirdb for java /xmlscope: - version: -

Trust: 0.8

vendor:hitachimodel:developer's kit for javascope: - version: -

Trust: 0.8

vendor:hitachimodel:processing kit for xmlscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:-r

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:express

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:light

Trust: 0.8

vendor:hitachimodel:ucosminexus application server enterprisescope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application server smart editionscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application server standardscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus application server standardscope:eqversion:-r

Trust: 0.8

vendor:hitachimodel:ucosminexus clientscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus clientscope:eqversion:for plug-in

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:01

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional for plug-in

Trust: 0.8

vendor:hitachimodel:ucosminexus developer lightscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developer standardscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus operatorscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus portal frameworkscope:eqversion:entry set

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:hitachimodel:ucosminexus serverscope:eqversion:standard-r

Trust: 0.8

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:- messaging

Trust: 0.8

vendor:sunmodel:jre 1.6.0 20scope: - version: -

Trust: 0.6

vendor:sunmodel:jre 1.6.0 2scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk 1.6.0 01scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk 01-b06scope:eqversion:1.6

Trust: 0.6

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:vmwaremodel:virtualcenterscope:eqversion:2.5

Trust: 0.3

vendor:vmwaremodel:vcenter update managerscope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:vcenter update managerscope:eqversion:5.0

Trust: 0.3

vendor:vmwaremodel:vcenter serverscope:eqversion:5.0

Trust: 0.3

vendor:vmwaremodel:vcenter serverscope:eqversion:4.1

Trust: 0.3

vendor:vmwaremodel:vcenter serverscope:eqversion:4.0

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:12.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:12.10

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:sunmodel:jdk 1.6.0 01-b06scope: - version: -

Trust: 0.3

vendor:sunmodel:jdk 01scope:eqversion:1.6

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.07

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.06

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.05

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.04

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.03

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.019

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.018

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.017

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.016

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.015

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.014

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.013

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.012

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.011

Trust: 0.3

vendor:sunmodel:jdk updatescope:eqversion:1.6.010

Trust: 0.3

vendor:schneider electricmodel:trio tview softwarescope:eqversion:3.27.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.2

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation supplementaryscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux server supplementaryscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node supplementaryscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop supplementaryscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop supplementary clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.07

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.06

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.05

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.04

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.03

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.021

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.020

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.02

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.019

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.018

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.017

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.016

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.015

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.014

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.013

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.012

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.011

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.010

Trust: 0.3

vendor:pandamodel:antivirus updatescope:eqversion:1.6.01

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11.1

Trust: 0.3

vendor:oraclemodel:solarisscope:eqversion:11

Trust: 0.3

vendor:oraclemodel:jre updatescope:eqversion:1.77

Trust: 0.3

vendor:oraclemodel:jre updatescope:eqversion:1.76

Trust: 0.3

vendor:oraclemodel:jre updatescope:eqversion:1.74

Trust: 0.3

vendor:oraclemodel:jre updatescope:eqversion:1.710

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:openjdkmodel:openjdkscope:eqversion:7

Trust: 0.3

vendor:openjdkmodel:openjdkscope:eqversion:6

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:icedteamodel:icedteascope:eqversion:2.3.2

Trust: 0.3

vendor:icedteamodel:icedteascope:eqversion:2.2.2

Trust: 0.3

vendor:icedteamodel:icedteascope:eqversion:2.1.2

Trust: 0.3

vendor:icedteamodel:icedteascope:eqversion:1.11.4

Trust: 0.3

vendor:icedteamodel:icedteascope:eqversion:1.10.9

Trust: 0.3

vendor:ibmmodel:rational synergyscope:eqversion:7.1.0.6

Trust: 0.3

vendor:ibmmodel:rational service testerscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:rational performance testerscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:rational host on-demandscope:eqversion:11.0

Trust: 0.3

vendor:ibmmodel:rational host on-demandscope:eqversion:11.0.6.1

Trust: 0.3

vendor:ibmmodel:openpages grc platformscope:eqversion:6.2

Trust: 0.3

vendor:hpmodel:nonstop server j6.0.14.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.16scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.15.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.15scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.14.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.14scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.13.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.13scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.12.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.11.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.11.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.10.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.10.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.10.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.04scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.04scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.07.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.07.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.07.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.05.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.05.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.05.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.04.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.04.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.04.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.27scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.26.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.26scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.25.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.25scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.24.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.24scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.23scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.22.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.22.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.21.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.21.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.21.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.18.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.18.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.18.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.16.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.16.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.16.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.15.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.15.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.15.00scope: - version: -

Trust: 0.3

vendor:hpmodel:jdk and jre for openvms integrity servers 6.0-3.p1scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:hitachimodel:ucosminexus service platform messagingscope:eqversion:-0

Trust: 0.3

vendor:hitachimodel:ucosminexus service platformscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:ucosminexus service architectscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:ucosminexus portal frameworkscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:ucosminexus operatorscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:ucosminexus clientscope:eqversion:09-00

Trust: 0.3

vendor:hitachimodel:ucosminexus application serverscope:eqversion:09-00

Trust: 0.3

vendor:hitachimodel:processing kit for xmlscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:hirdbscope:eqversion:8.0

Trust: 0.3

vendor:hitachimodel:hirdbscope:eqversion:7.0

Trust: 0.3

vendor:hitachimodel:cosminexus studioscope:eqversion:4.0

Trust: 0.3

vendor:hitachimodel:cosminexusscope:eqversion:9.0

Trust: 0.3

vendor:hitachimodel:cosminexusscope:eqversion:8.0

Trust: 0.3

vendor:hitachimodel:cosminexusscope:eqversion:7.0

Trust: 0.3

vendor:hitachimodel:cosminexusscope:eqversion:7

Trust: 0.3

vendor:hitachimodel:cosminexusscope:eqversion:6.0

Trust: 0.3

vendor:hitachimodel:cosminexusscope:eqversion:5.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura system platform sp1scope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.9.3

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.8.3

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.0.3

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:vmwaremodel:vcenter server updatescope:neversion:5.11

Trust: 0.3

vendor:vmwaremodel:update manager updatescope:neversion:5.11

Trust: 0.3

vendor:schneider electricmodel:trio tview softwarescope:neversion:3.29.0

Trust: 0.3

vendor:icedteamodel:icedteascope:neversion:2.3.3

Trust: 0.3

vendor:icedteamodel:icedteascope:neversion:2.2.3

Trust: 0.3

vendor:icedteamodel:icedteascope:neversion:2.1.3

Trust: 0.3

vendor:icedteamodel:icedteascope:neversion:1.11.5

Trust: 0.3

vendor:icedteamodel:icedteascope:neversion:1.10.10

Trust: 0.3

vendor:ibmmodel:rational synergyscope:neversion:7.1.0.7

Trust: 0.3

vendor:ibmmodel:rational service testerscope:neversion:8.3.0.1

Trust: 0.3

vendor:ibmmodel:rational performance testerscope:neversion:8.3.0.1

Trust: 0.3

vendor:ibmmodel:rational host on-demandscope:neversion:11.0.7

Trust: 0.3

vendor:ibmmodel:openpages grc platformscope:neversion:6.2.1

Trust: 0.3

vendor:hpmodel:jdk and jre for openvms integrity serversscope:neversion:6.0-4

Trust: 0.3

sources: BID: 55501 // JVNDB: JVNDB-2012-004960 // CNNVD: CNNVD-201209-301 // NVD: CVE-2012-4416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4416
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4416
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-301
value: MEDIUM

Trust: 0.6

VULMON: CVE-2012-4416
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4416
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2012-4416 // JVNDB: JVNDB-2012-004960 // CNNVD: CNNVD-201209-301 // NVD: CVE-2012-4416

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-4416

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 119308 // PACKETSTORM: 118835 // CNNVD: CNNVD-201209-301

TYPE

Unknown

Trust: 0.3

sources: BID: 55501

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004960

PATCH

title:HT5549url:http://support.apple.com/kb/HT5549

Trust: 0.8

title:HT5549url:http://support.apple.com/kb/HT5549?viewlocale=ja_JP

Trust: 0.8

title:HS12-023url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html

Trust: 0.8

title:HPSBOV02833 SSRT101043url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03596813

Trust: 0.8

title:HPSBUX02832 SSRT101042url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03595351

Trust: 0.8

title:openSUSE-SU-2012:1423url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html

Trust: 0.8

title:SUSE-SU-2012:1398url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html

Trust: 0.8

title:Text Form of Oracle Java SE Critical Patch Update - October 2012 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/javacpuoct2012verbose-1515981.html

Trust: 0.8

title:Oracle Java SE Critical Patch Update Advisory - October 2012url:http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Trust: 0.8

title:RHSA-2012:1391url:http://rhn.redhat.com/errata/RHSA-2012-1391.html

Trust: 0.8

title:RHSA-2012:1392url:http://rhn.redhat.com/errata/RHSA-2012-1392.html

Trust: 0.8

title:RHSA-2012:1385url:http://rhn.redhat.com/errata/RHSA-2012-1385.html

Trust: 0.8

title:RHSA-2012:1386url:http://rhn.redhat.com/errata/RHSA-2012-1386.html

Trust: 0.8

title:October 2012 Critical Patch Update and Critical Patch Update for Java SE Releasedurl:https://blogs.oracle.com/security/entry/october_2012_critical_patch_update

Trust: 0.8

title:XRX13-003url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Trust: 0.8

title:HS12-023url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-023/index.html

Trust: 0.8

title:Oracle Corporation Javaプラグインの脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/oracle/20121017.html

Trust: 0.8

title:Oracle Java SE JRE Fixes for Unknown Security Vulnerabilities in Componentsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192728

Trust: 0.6

title:Red Hat: Important: java-1.6.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121385 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: java-1.6.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121384 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.7.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121386 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: java-1.6.0-sun security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121392 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: java-1.7.0-oracle security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121391 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2012-136url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-136

Trust: 0.1

title:Amazon Linux AMI: ALAS-2012-137url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-137

Trust: 0.1

title:Ubuntu Security Notice: openjdk-6, openjdk-7 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1619-1

Trust: 0.1

title:Threatposturl:https://threatpost.com/apple-patches-java-flaws-101812/77126/

Trust: 0.1

sources: VULMON: CVE-2012-4416 // JVNDB: JVNDB-2012-004960 // CNNVD: CNNVD-201209-301

EXTERNAL IDS

db:NVDid:CVE-2012-4416

Trust: 3.4

db:HITACHIid:HS12-023

Trust: 2.0

db:BIDid:55501

Trust: 2.0

db:SECUNIAid:51029

Trust: 1.7

db:SECUNIAid:51141

Trust: 1.7

db:SECUNIAid:51028

Trust: 1.7

db:SECUNIAid:51166

Trust: 1.7

db:JVNDBid:JVNDB-2012-004960

Trust: 0.8

db:CNNVDid:CNNVD-201209-301

Trust: 0.6

db:ICS CERTid:ICSA-17-213-02

Trust: 0.3

db:VULMONid:CVE-2012-4416

Trust: 0.1

db:PACKETSTORMid:117455

Trust: 0.1

db:PACKETSTORMid:117454

Trust: 0.1

db:PACKETSTORMid:117478

Trust: 0.1

db:PACKETSTORMid:119308

Trust: 0.1

db:PACKETSTORMid:118835

Trust: 0.1

db:PACKETSTORMid:117704

Trust: 0.1

sources: VULMON: CVE-2012-4416 // BID: 55501 // JVNDB: JVNDB-2012-004960 // PACKETSTORM: 117455 // PACKETSTORM: 117454 // PACKETSTORM: 117478 // PACKETSTORM: 119308 // PACKETSTORM: 118835 // PACKETSTORM: 117704 // CNNVD: CNNVD-201209-301 // NVD: CVE-2012-4416

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Trust: 2.3

url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf

Trust: 2.0

url:http://rhn.redhat.com/errata/rhsa-2012-1385.html

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2012-1392.html

Trust: 1.8

url:http://www.securityfocus.com/bid/55501

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2012-1391.html

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2012-1386.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=135542848327757&w=2

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=135758563611658&w=2

Trust: 1.7

url:http://secunia.com/advisories/51029

Trust: 1.7

url:http://secunia.com/advisories/51028

Trust: 1.7

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-023/index.html

Trust: 1.7

url:http://secunia.com/advisories/51141

Trust: 1.7

url:http://secunia.com/advisories/51166

Trust: 1.7

url:http://security.gentoo.org/glsa/glsa-201406-32.xml

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16623

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4416

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/vul/20121017-jre.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4416

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2012-5077

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5075

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-4416

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5089

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5071

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5081

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5072

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5086

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-3216

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5068

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5069

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5084

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-5073

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-1533

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-1531

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-1532

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-3143

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-3159

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-5083

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-5085

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-5079

Trust: 0.4

url:http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-october/020571.html

Trust: 0.3

url:http://support.apple.com/kb/ht5549

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=856124

Trust: 0.3

url:http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-october/020556.html

Trust: 0.3

url:http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7196857

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_java

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_java1

Trust: 0.3

url:http://www.oracle.com/technetwork/java/index.html

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-213-02

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100168011

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100168009

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03595351

Trust: 0.3

url:http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1&ac.admitted=1378134276525.876444892.492883150

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03596813

Trust: 0.3

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-023/index.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21617321

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21617323

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21618977

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21625941

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21636462

Trust: 0.3

url:http://www.vmware.com/security/advisories/vmsa-2013-0003.html

Trust: 0.3

url:http://www.vmware.com/security/advisories/vmsa-2013-0006.html

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2012-5072.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5073.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5085.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5086.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-4416.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5089.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5079.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5068.html

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5081.html

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5071.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-3216.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5069.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5075.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5077.html

Trust: 0.2

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5084.html

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:http://bugzilla.redhat.com/):

Trust: 0.2

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.2

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.2

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-5087

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:1385

Trust: 0.1

url:https://usn.ubuntu.com/1619-1/

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2012-136.html

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://www.o

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5979

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.10/news

Trust: 0.1

url:http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-3143.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-1531.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0547

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0547.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-1532.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-3159.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-5083.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-1533.html

Trust: 0.1

url:http://h18012.www1.hp.com/java/alpha

Trust: 0.1

url:http://www.hp.com/java

Trust: 0.1

url:https://www.hp.com/go/swa

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.10.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5070

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~12.04.1

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1619-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-7/7u9-2.3.3-0ubuntu1~12.10.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~10.04.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5076

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5074

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5067

Trust: 0.1

sources: VULMON: CVE-2012-4416 // BID: 55501 // JVNDB: JVNDB-2012-004960 // PACKETSTORM: 117455 // PACKETSTORM: 117454 // PACKETSTORM: 117478 // PACKETSTORM: 119308 // PACKETSTORM: 118835 // PACKETSTORM: 117704 // CNNVD: CNNVD-201209-301 // NVD: CVE-2012-4416

CREDITS

Jan iankko Lieskovsky

Trust: 0.9

sources: BID: 55501 // CNNVD: CNNVD-201209-301

SOURCES

db:VULMONid:CVE-2012-4416
db:BIDid:55501
db:JVNDBid:JVNDB-2012-004960
db:PACKETSTORMid:117455
db:PACKETSTORMid:117454
db:PACKETSTORMid:117478
db:PACKETSTORMid:119308
db:PACKETSTORMid:118835
db:PACKETSTORMid:117704
db:CNNVDid:CNNVD-201209-301
db:NVDid:CVE-2012-4416

LAST UPDATE DATE

2024-11-12T20:10:14.438000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2012-4416date:2017-09-19T00:00:00
db:BIDid:55501date:2017-08-03T11:09:00
db:JVNDBid:JVNDB-2012-004960date:2015-03-18T00:00:00
db:CNNVDid:CNNVD-201209-301date:2022-05-16T00:00:00
db:NVDid:CVE-2012-4416date:2022-05-13T14:52:58.837

SOURCES RELEASE DATE

db:VULMONid:CVE-2012-4416date:2012-10-16T00:00:00
db:BIDid:55501date:2012-09-11T00:00:00
db:JVNDBid:JVNDB-2012-004960date:2012-10-18T00:00:00
db:PACKETSTORMid:117455date:2012-10-16T19:22:22
db:PACKETSTORMid:117454date:2012-10-18T06:07:56
db:PACKETSTORMid:117478date:2012-10-18T22:02:53
db:PACKETSTORMid:119308date:2013-01-08T04:16:56
db:PACKETSTORMid:118835date:2012-12-14T02:38:55
db:PACKETSTORMid:117704date:2012-10-26T22:43:35
db:CNNVDid:CNNVD-201209-301date:2012-09-18T00:00:00
db:NVDid:CVE-2012-4416date:2012-10-16T21:55:01.540