17 matches found

Tenable Nessus
added 2014/06/13 12:0 a.m. | 54 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1154-1)

Java-170-openjdk was updated to fix a remote exploit CVE-2012-4681. Also bugfixes were done : - fix build on ARM and i586 - remove files that are no longer used - zero build can be enabled using rpmbuild osc build --with zero - add hotspot 2.1 needed for zero - fix filelist on %ix86 - Security...

10 CVSS | 8.5 AI score | 0.9414 EPSS
Exploits 10 | References 7
RedHat Linux
added 2013/10/23 4:26 p.m. | 3 views

OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

10 CVSS | 7.3 AI score | 0.02927 EPSS
Exploits 9 | References 5
RedHat Linux
added 2013/10/23 4:26 p.m. | 4 views

OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

10 CVSS | 7.3 AI score | 0.02927 EPSS
Exploits 9 | References 5
RedHat Linux
added 2012/11/15 9:13 p.m. | 5 views

OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

10 CVSS | 7.6 AI score | 0.9414 EPSS
Exploits 10 | References 5
Tenable Nessus
added 2012/09/19 12:0 a.m. | 47 views

RHEL 6 : java-1.7.0-ibm (RHSA-2012:1289)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1289 advisory. - OpenJDK: AWT hardening fixes AWT, 7163201 CVE-2012-0547 - Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 Deployment...

10 CVSS | 8.4 AI score | 0.9414 EPSS
Exploits 10 | References 30
RedHat Linux
added 2012/09/18 10:46 p.m. | 2 views

OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

10 CVSS | 7.6 AI score | 0.9414 EPSS
Exploits 10 | References 5
OPENSUSE Linux
added 2012/09/14 2:13 p.m. | 41 views

java-1_6_0-openjdk: icedtea-web update to 1.11.4 (bnc#) (critical)

The icedtea-web Java plugin was updated to 1.11.4 to fix critical security issues: Security fixes - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder - S7163201, CVE-2012-0547: Simplify toolkit internals references OpenJDK - S7182135: Impossible to use some editors directly -...

10 CVSS | 4.1 AI score | 0.08542 EPSS
Exploits 9 | References 1
OPENSUSE Linux
added 2012/09/12 7:8 p.m. | 44 views

java-1_7_0-openjdk: security fix for remote exploit (critical)

Java-170-openjdk was updated to fix a remote exploit CVE-2012-4681. Also bugfixes were done: - fix build on ARM and i586 - remove files that are no longer used - zero build can be enabled using rpmbuild osc build --with zero - add hotspot 2.1 needed for zero - fix filelist on %ix86 Security fixes...

10 CVSS | 10 AI score | 0.9414 EPSS
Exploits 10 | References 2
RedHat Linux
added 2012/09/04 7:4 a.m. | 3 views

OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

10 CVSS | 7.6 AI score | 0.9414 EPSS
Exploits 10 | References 5
Tenable Nessus
added 2012/09/04 12:0 a.m. | 40 views

RHEL 6 : java-1.6.0-openjdk (RHSA-2012:1221)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1221 advisory. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans...

10 CVSS | 8.3 AI score | 0.08542 EPSS
Exploits 9 | References 9
RedHat Linux
added 2012/09/03 12:57 p.m. | 5 views

OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

10 CVSS | 7.6 AI score | 0.9414 EPSS
Exploits 10 | References 5
RedHat Linux
added 2012/09/03 12:50 p.m. | 2 views

OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

10 CVSS | 7.6 AI score | 0.9414 EPSS
Exploits 10 | References 5
RedHat Linux
added 2012/09/03 12:39 p.m. | 5 views

OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

10 CVSS | 7.6 AI score | 0.9414 EPSS
Exploits 10 | References 5
Prion
added 2012/08/30 11:55 p.m. | 32 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

10 CVSS | 5.9 AI score | 0.9414 EPSS
Exploits 10 | References 13 | Affected Software 2
CVE
added 2012/08/30 11:0 p.m. | 351 views

CVE-2012-1682

CVE-2012-1682 (Beans component) and CVE-2012-4681 relate to OpenJDK/JRE sandbox bypass and remote code execution. Connected advisories (CESA-2012:1221/1222/1223) describe updates for java-1.6.0-openjdk and java-1.7.0-openjdk to fix these issues, noting that the Beans component could bypass sandbo...

10 CVSS | 5.8 AI score | 0.02927 EPSS
Exploits 9 | References 13 | Affected Software 2
ATTACKERKB
added 2012/08/28 12:0 a.m. | 53 views

Java 7 Applet Remote Code Execution

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

10 CVSS | 9.7 AI score | 0.9414 EPSS
In wild | Exploits 10 | References 1
Metasploit
added 2012/08/27 9:25 a.m. | 110 views

Java 7 Applet Remote Code Execution

The exploit takes advantage of two issues in JDK 7: The ClassFinder and MethodFinder.findMethod. Both were newly introduced in JDK 7. ClassFinder is a replacement for classForName back in JDK 6. It allows untrusted code to obtain a reference and have access to a restricted package in JDK 7, which...

9.8 CVSS | 0.4 AI score | 0.9414 EPSS
Exploits 10