VulDB: Oracle Java SE JRE up to 7 Update 4 Networking unknown vulnerability
General
scipID: 5540
Affected: Oracle Java SE JRE up to 7 Update 4
Published: 06/12/2012
Risk: 
problematic
Entry: 87% complete
Created: 06/14/2012
Updated: 09/03/2012
Summary
A vulnerability, which was classified as problematic, has been found in Oracle Java SE JRE up to 7 Update 4. Affected by this issue is an unknown function of the component Networking. Impacted is confidentiality, integrity, and availability.
The weakness was published 06/12/2012 as bulletin. The advisory is shared for download at oracle.com. The public release has been coordinated with the vendor. This vulnerability is handled as CVE-2012-1720 since 03/16/2012. The attack needs to be approached locally. The successful exploitation requires a single authentication. Technical details are unknown but a private exploit is available.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at oracle.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82885) and Secunia (SA49472).CVSS
Base Score: 4.1 (CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Local: Yes
Remote: No
Availability: Yes
Access: Private
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Patch: oracle.com
Timeline
03/16/2012 | CVE assigned
06/12/2012 | Advisory disclosed
06/12/2012 | Countermeasure disclosed
06/12/2012 | OSVDB entry created
06/14/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: oracle.com
Coordinated: Yes
OSVDB: 82885
CVE: CVE-2012-1720 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49472
