CVE-2012-3174

EUVD-2012-3152

14.01.2013, 22:55

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.  NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422.  This identifier is for a different vulnerability whose details are not public as of 20130114.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 80%

Affected Products (NVD)

Vendor	Product	Version
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

icedtea-web

hardy	dne
lucid	not-affected
oneiric	not-affected
precise	not-affected
quantal	not-affected

openjdk-6

hardy	ignored
lucid	not-affected
oneiric	not-affected
precise	not-affected
quantal	not-affected

openjdk-7

hardy	dne
lucid	dne
oneiric	Fixed 7u9-2.3.4-0ubuntu1.11.10.1 released
precise	Fixed 7u9-2.3.4-0ubuntu1.12.04.1 released
quantal	Fixed 7u9-2.3.4-0ubuntu1.12.10.1 released