CVE-2012-3174

14.01.2013, 22:55

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:C/I:C/A:C
oracle	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

icedtea-web

quantal	not-affected
precise	not-affected
oneiric	not-affected
lucid	not-affected
hardy	dne

openjdk-6

quantal	not-affected
precise	not-affected
oneiric	not-affected
lucid	not-affected
hardy	ignored

openjdk-7

quantal	Fixed 7u9-2.3.4-0ubuntu1.12.10.1 released
precise	Fixed 7u9-2.3.4-0ubuntu1.12.04.1 released
oneiric	Fixed 7u9-2.3.4-0ubuntu1.11.10.1 released
lucid	dne
hardy	dne