CVE-2013-0422 – Oracle JRE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0422
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. • https://www.exploit-db.com/exploits/24045 http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday http://lists.open • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-2739
https://notcve.org/view.php?id=CVE-2012-2739
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Oracle Java SE anteriores a 7 Update 6, y OpenJDK 7 anteriores a 7u6 build 12 y 8 anteriores a build 39, calculan los valores de hash sin restringir la posibilidad de provocar colisiones hash previsibles, lo que permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU) a través de la manipulación de una entrada para la aplicación que mantiene la tabla de valores hash. • http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html http://www.kb.cert.org/vuls/id/903934 http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html http://www.openwall.com/lists/oss-security/2012/06/15/12 http://www.openwall.com/lists/oss-security/2012/06/17/1 https://bugzilla.redhat.com/show_bug.cgi?id=750533 • CWE-310: Cryptographic Issues •
CVE-2012-5373
https://notcve.org/view.php?id=CVE-2012-5373
Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. Oracle Java SE 7 y anteriores, y OpenJDK 7 y anteriores, calcula los valores hash sin restringir la posibilidad de provocar colisiones hash previsibles, lo que permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU) a través de la manipulación de una entrada a la aplicación que mantiene la tabla de valores hash, como se demostró con un ataque universal multicollision contra el algoritmo MurmurHash3, una vulnerabilidad diferente a CVE-2012-2739. • http://2012.appsec-forum.ch/conferences/#c17 http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf http://www.ocert.org/advisories/ocert-2012-001.html http://www.securityfocus.com/bid/56673 https://bugzilla.redhat.com/show_bug.cgi?id=880705 https://exchange.xforce.ibmcloud.com/vulnerabilities/80299 https://www.131002.net/data/talks/appsec12_slides.pdf • CWE-310: Cryptographic Issues •
CVE-2012-3202
https://notcve.org/view.php?id=CVE-2012-3202
Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this overlaps CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085. Múltiples vulnerabilidades no especificadas en el componente Oracle JRockit en Oracle Fusion Middleware v28.2.4 y anteriores, y v27.7.3 y versiones anteriores, cuando se utiliza JDK/JRE v5 o v6, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. NOTE: esto solapa CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.securityfocus.com/bid/56050 •
CVE-2012-5079 – OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
https://notcve.org/view.php?id=CVE-2012-5079
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 7 y versiones anteriores, 6 Update 35 y versiones anteriores, 5.0 Update 36 y versiones anteriores y 1.4.2_38 y versiones anteriores permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Libraries, una vulnerabilidad diferente a CVE-2012-5073. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html http://marc.info/?l=bugtraq&m=135542848327757&w=2 http://marc.info/?l=bugtraq&m=135758563611658&w=2 http://rhn.redhat •