CVE-2012-1717
low
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
2.1
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Red Hat Affected 3 releases
| Version | Status | Fixed in |
|---|---|---|
| 6.2 | Affected | โ |
| 6.0 | Affected | โ |
| 5.0 | Affected | โ |
SUSE Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 11 | Affected | โ |
| 10 | Affected | โ |
Linux kernel Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Not affected | โ |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| oracle | jre | {"startIncluding":"1.4.2","endIncluding":"1.4.2_37"} | |
| oracle | jre | 1.5.0 | |
| oracle | jre | 1.6.0 | |
| oracle | jre | 1.7.0 | |
| oracle | jdk | {"startIncluding":"1.4.2","endIncluding":"1.4.2_37"} | |
| oracle | jdk | 1.5.0 | |
| oracle | jdk | 1.6.0 | |
| oracle | jdk | 1.7.0 | |
| redhat | icedtea6 | {"endExcluding":"1.10.8"} | 1.10.8 |
| redhat | satellite_with_embedded_oracle | 5.5 | |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
- http://rhn.redhat.com/errata/RHSA-2012-0734.html
- http://rhn.redhat.com/errata/RHSA-2012-1243.html
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://rhn.redhat.com/errata/RHSA-2013-1456.html
- http://secunia.com/advisories/50659
- http://secunia.com/advisories/51080
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.ibm.com/support/docview.wss?uid=swg21615246
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:095
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
- http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
- http://www.securityfocus.com/bid/53952
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
- http://rhn.redhat.com/errata/RHSA-2012-0734.html
- http://rhn.redhat.com/errata/RHSA-2012-1243.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.