Vulnerability-Lookup

CVE-2012-3174 (GCVE-0-2012-3174)

Vulnerability from cvelistv5 – Published: 2013-01-14 22:00 – Updated: 2024-08-06 19:57

Summary

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.

Severity ?

No CVSS data available.

CWE

Assigner

oracle

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2013-0156.html	vendor-advisoryx_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://blog.fuseyism.com/index.php/2013/01/15/sec…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2013-0165.html	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-1693-1	vendor-advisoryx_refsource_UBUNTU
	https://wiki.mageia.org/en/Support/Advisories/MGA…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:57:49.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2013:0156",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
          },
          {
            "name": "MDVSA-2013:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
          },
          {
            "name": "openSUSE-SU-2013:0199",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
          },
          {
            "name": "RHSA-2013:0165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
          },
          {
            "name": "USN-1693-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1693-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-19T14:57:03.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2013:0156",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
        },
        {
          "name": "MDVSA-2013:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
        },
        {
          "name": "openSUSE-SU-2013:0199",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
        },
        {
          "name": "RHSA-2013:0165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
        },
        {
          "name": "USN-1693-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1693-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2012-3174",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2013:0156",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
            },
            {
              "name": "MDVSA-2013:095",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
            },
            {
              "name": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/",
              "refsource": "MISC",
              "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
            },
            {
              "name": "openSUSE-SU-2013:0199",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
            },
            {
              "name": "RHSA-2013:0165",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
            },
            {
              "name": "USN-1693-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1693-1"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018",
              "refsource": "CONFIRM",
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2012-3174",
    "datePublished": "2013-01-14T22:00:00.000Z",
    "dateReserved": "2012-06-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:57:49.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2012-3174

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-3174

Aliases

CVE-2012-3174

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-3174",
    "description": "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114.",
    "id": "GSD-2012-3174",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-3174.html",
      "https://access.redhat.com/errata/RHSA-2013:0626",
      "https://access.redhat.com/errata/RHSA-2013:0165",
      "https://access.redhat.com/errata/RHSA-2013:0156",
      "https://alas.aws.amazon.com/cve/html/CVE-2012-3174.html",
      "https://linux.oracle.com/cve/CVE-2012-3174.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-3174"
      ],
      "details": "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114.",
      "id": "GSD-2012-3174",
      "modified": "2023-12-13T01:20:20.902321Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2012-3174",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2013:0156",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
          },
          {
            "name": "MDVSA-2013:095",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
          },
          {
            "name": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/",
            "refsource": "MISC",
            "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
          },
          {
            "name": "openSUSE-SU-2013:0199",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
          },
          {
            "name": "RHSA-2013:0165",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
          },
          {
            "name": "USN-1693-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1693-1"
          },
          {
            "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018",
            "refsource": "CONFIRM",
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2012-3174"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
            },
            {
              "name": "RHSA-2013:0156",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
            },
            {
              "name": "USN-1693-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1693-1"
            },
            {
              "name": "openSUSE-SU-2013:0199",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
            },
            {
              "name": "RHSA-2013:0165",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
            },
            {
              "name": "MDVSA-2013:095",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
            },
            {
              "name": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-02-21T04:52Z",
      "publishedDate": "2013-01-14T22:55Z"
    }
  }
}

FKIE_CVE-2012-3174

Vulnerability from fkie_nvd - Published: 2013-01-14 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert_us@oracle.com	http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
secalert_us@oracle.com	http://rhn.redhat.com/errata/RHSA-2013-0156.html
secalert_us@oracle.com	http://rhn.redhat.com/errata/RHSA-2013-0165.html
secalert_us@oracle.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html	Vendor Advisory
secalert_us@oracle.com	http://www.ubuntu.com/usn/USN-1693-1
secalert_us@oracle.com	https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
af854a3a-2127-422b-91ae-364da2661108	http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0156.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0165.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1693-1
af854a3a-2127-422b-91ae-364da2661108	https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018

Impacted products

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "FE8B0935-6637-413D-B896-28E0ED7F2CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "0EC967FF-26A6-4498-BC09-EC23B2B75CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "02781457-4E40-46A9-A5F7-945232A8C2B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Oracle Java 7 anterior a Update 11 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos una vulnerabilidad diferente a CVE-2013-0422. NOTA: algunas partes se han asignado en CVE-2012-3174 a un problema relacionado con el uso recurrente de la Reflection API, pero ese tema ya est\u00e1 cubierto como parte de CVE-2013-0422. Este identificador es una vulnerabilidad diferente cuyos detalles no son p\u00fablicos como 20130114."
    }
  ],
  "id": "CVE-2012-3174",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-01-14T22:55:00.917",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.ubuntu.com/usn/USN-1693-1"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1693-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-XCWW-3952-XR69

Vulnerability from github – Published: 2022-05-17 04:52 – Updated: 2025-04-11 04:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-3174"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-01-14T22:55:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114.",
  "id": "GHSA-xcww-3952-xr69",
  "modified": "2025-04-11T04:06:21Z",
  "published": "2022-05-17T04:52:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3174"
    },
    {
      "type": "WEB",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
    },
    {
      "type": "WEB",
      "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1693-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2013-ALE-001

Vulnerability from certfr_alerte - Published: 2013-01-10 - Updated: 2013-01-15

Deux vulnérabilités ont été découvertes dans Oracle Java. La première vulnérabilité concerne la méthode "findClass" de la classe MBeanInstantiator. Cette vulnérabilité est présente dans Oracle Java version 7.
La deuxième vulnérabilité se trouve dans la nouvelle API Reflection de Oracle Java. Cette nouvelle API est disponible à partir de la branche 1.7 du produit. Cette vulnérabilité est donc présente dans les versions antérieures à Oracle Java version 7 mise à jour 11.
L'association des deux vulnérabilités permet à un attaquant d'exécuter du code arbitraire à distance au moyen d'une page Web spécialement conçue sur les postes possédant une version de Oracle Java antérieure à 1.7.11.
Ces vulnérabilités sont activement exploitées et largement diffusées.

Solution

Installer la dernière version stable de Oracle Java :

Oracle Java version 1.7.11

None

Impacted products

	Vendor	Product	Description
	Oracle	N/A	Oracle Java version 7 (première vulnérabilité)
	Oracle	N/A	Versions antérieures à Oracle Java version 7 mise à jour 11 (deuxième vulnérabilité)

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-3174 (GCVE-0-2012-3174)

GSD-2012-3174

FKIE_CVE-2012-3174

GHSA-XCWW-3952-XR69

CERTA-2013-ALE-001

Solution

Tags

Sightings

Nomenclature