CVE-2012-3174

2013-01-1400:00:00

ubuntu.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.094 Low

EPSS

Percentile

94.6%

JSON

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some
parties have mapped CVE-2012-3174 to an issue involving recursive use of
the Reflection API, but that issue is already covered as part of
CVE-2013-0422. This identifier is for a different vulnerability whose
details are not public as of 20130114.

Notes

Author	Note
jdstrand	like with CVE-2013-0422, exploit code does not work with OpenJDK at this time. Users are advised to disable and/or uninstall the IcedTea plugin (regardless of version) as a precaution unless its use is strictly required. Fixed in IcedTea 2.2.3 and 2.3.4

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchopenjdk-7< 7u9-2.3.4-0ubuntu1.11.10.1UNKNOWN
ubuntu12.04noarchopenjdk-7< 7u9-2.3.4-0ubuntu1.12.04.1UNKNOWN
ubuntu12.10noarchopenjdk-7< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.10	noarch	openjdk-7	< 7u9-2.3.4-0ubuntu1.11.10.1	UNKNOWN
ubuntu	12.04	noarch	openjdk-7	< 7u9-2.3.4-0ubuntu1.12.04.1	UNKNOWN
ubuntu	12.10	noarch	openjdk-7	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN