CVE-2012-3174
Published: 14 January 2013
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
Notes
| Author | Note |
|---|---|
| jdstrand | like with CVE-2013-0422, exploit code does not work with OpenJDK at this time. Users are advised to disable and/or uninstall the IcedTea plugin (regardless of version) as a precaution unless its use is strictly required. Fixed in IcedTea 2.2.3 and 2.3.4 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
icedtea-web Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
openjdk-6 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
openjdk-7 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Released
(7u9-2.3.4-0ubuntu1.11.10.1)
|
|
| precise |
Released
(7u9-2.3.4-0ubuntu1.12.04.1)
|
|
| quantal |
Released
(7u9-2.3.4-0ubuntu1.12.10.1)
|
|
| upstream |
Released
(7u9-2.3.4-1)
|
|
|
sun-java5 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Ignored
(end of life)
|
|
|
sun-java6 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Does not exist
(removed from archive)
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Needs triage
|
References
- http://www.kb.cert.org/vuls/id/625617
- https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
- http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
- http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
- http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
- http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
- http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
- http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
- http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html
- https://blogs.oracle.com/security/entry/security_alert_for_cve_2013
- https://ubuntu.com/security/notices/USN-1693-1
- https://www.cve.org/CVERecord?id=CVE-2012-3174
- NVD
- Launchpad
- Debian