Oracle Java JRE/SDK 6 Update 34/7 Update 6 Beans com.sun.beans.finder.FieldFinder memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.8 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Oracle Java JRE and SDK 6 Update 34/7 Update 6. This issue affects some unknown processing of the file com.sun.beans.finder.FieldFinder of the component Beans. Such manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2012-3136. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.
Details
A vulnerability, which was classified as critical, has been found in Oracle Java JRE and SDK 6 Update 34/7 Update 6 (Programming Language Software). Affected by this issue is an unknown code block of the file com.sun.beans.finder.FieldFinder of the component Beans. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.
The issue has been introduced in 08/14/2012. The weakness was disclosed 08/30/2012 by James Forshaw (TippingPoint) with Security Explorations as confirmed advisory (Website). The advisory is shared for download at oracle.com. The public release has been coordinated in cooperation with the vendor. This vulnerability is handled as CVE-2012-3136 since 06/06/2012. The exploitation is known to be difficult. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details as well as a private exploit are known.
The vulnerability was handled as a non-public zero-day exploit for at least 16 days. During that time the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 61789 (CentOS 6 : java-1.7.0-openjdk (CESA-2012:1223)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CentOS Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 185011 (HP-UX Running Java Remote Code Execution Vulnerability (HPSBUX02824)).
Upgrading to version 6 Update 35 or 7 Update 7 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (78169), Tenable (61789), SecurityFocus (BID 55337†), OSVDB (84982†) and Secunia (SA50469†). The entries VDB-6014, VDB-6030 and VDB-6031 are pretty similar. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.oracle.com
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.0VulDB Meta Temp Score: 7.8
VulDB Base Score: 9.0
VulDB Temp Score: 7.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Private
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 61789
Nessus Name: CentOS 6 : java-1.7.0-openjdk (CESA-2012:1223)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 881484
OpenVAS Name: CentOS Update for java CESA-2012:1223 centos6
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Java JRE/SDK 6 Update 35/7 Update 7
Timeline
06/06/2012 🔍08/14/2012 🔍
08/30/2012 🔍
08/30/2012 🔍
08/30/2012 🔍
08/30/2012 🔍
08/30/2012 🔍
08/30/2012 🔍
08/30/2012 🔍
08/31/2012 🔍
09/04/2012 🔍
09/12/2012 🔍
03/27/2021 🔍
Sources
Vendor: oracle.comAdvisory: oracle.com
Researcher: James Forshaw (TippingPoint)
Organization: Security Explorations
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2012-3136 (🔍)
GCVE (CVE): GCVE-0-2012-3136
GCVE (VulDB): GCVE-100-6032
OVAL: 🔍
X-Force: 78169
SecurityFocus: 55337 - Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability
Secunia: 50469 - Red Hat update for java-1.7.0-oracle, Highly Critical
OSVDB: 84982
SecurityTracker: 1027458 - Oracle Java Bugs Let Remote Users Execute Arbitrary Code
Vulnerability Center: 36114 - Oracle Java SE 7 Update 6 and Earlier JRE Unspecified Remote Vulnerability Related to Beans, Critical
See also: 🔍
Entry
Created: 08/31/2012 09:48Updated: 03/27/2021 14:42
Changes: 08/31/2012 09:48 (79), 04/19/2017 10:30 (15), 03/27/2021 14:42 (3)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.