OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)

🗓️ 21 Feb 2012 21:57:00Reported by RedHatType

OpenJDK keyboard focus manager flaw enables remote untrusted Web Start applications and applets to affect confidentiality and availability.

Reporter	Title	Published	Views	Family All 164
IBM Security Bulletins	Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2012, June 2012	19 Aug 202218:23	–	ibm
IBM Security Bulletins	Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)	22 Dec 202017:41	–	ibm
IBM Security Bulletins	Potential Security Vulnerabilities With JavaTM SDKs	17 Jun 201814:05	–	ibm
Amazon	Critical: java-1.6.0-openjdk	15 Feb 201200:00	–	amazon
Tenable Nessus	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-43)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 6 : java-1.6.0-openjdk (CESA-2012:0135)	16 Feb 201200:00	–	nessus
Tenable Nessus	Debian DSA-2420-1 : openjdk-6 - several vulnerabilities	29 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 16 : java-1.7.0-openjdk-1.7.0.3-2.1.fc16 (2012-1690)	16 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 16 : java-1.6.0-openjdk-1.6.0.0-65.1.11.1.fc16 (2012-1711)	20 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 15 : java-1.6.0-openjdk-1.6.0.0-63.1.10.6.fc15 (2012-1721)	22 Feb 201200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk-debuginfo	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk-debuginfo	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk-demo	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk-demo	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk-devel	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk-devel	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk-javadoc	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk-javadoc	1:1.6.0.0-1.25.1.10.6.el5_8	java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm

Source	Link
oracle	www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
access	www.access.redhat.com/security/cve/CVE-2012-0502
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-0502
cve	www.cve.org/CVERecord

04 Mar 2026 14:23Current

7.4High risk

Vulners AI Score7.4

CVSS 26.4

EPSS0.01874