Описание
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | java-1.6.0-sun | Affected | ||
| Red Hat Enterprise Linux 5 | java-1.6.0-openjdk | Fixed | RHSA-2012:0322 | 21.02.2012 |
| Red Hat Enterprise Linux 6 | java-1.6.0-openjdk | Fixed | RHSA-2012:0135 | 14.02.2012 |
| Red Hat Network Satellite Server v 5.4 | java-1.6.0-ibm | Fixed | RHSA-2013:1455 | 23.10.2013 |
| Supplementary for Red Hat Enterprise Linux 5 | java-1.6.0-sun | Fixed | RHSA-2012:0139 | 16.02.2012 |
| Supplementary for Red Hat Enterprise Linux 5 | java-1.5.0-ibm | Fixed | RHSA-2012:0508 | 23.04.2012 |
| Supplementary for Red Hat Enterprise Linux 5 | java-1.6.0-ibm | Fixed | RHSA-2012:0514 | 24.04.2012 |
| Supplementary for Red Hat Enterprise Linux 6 | java-1.6.0-sun | Fixed | RHSA-2012:0139 | 16.02.2012 |
| Supplementary for Red Hat Enterprise Linux 6 | java-1.5.0-ibm | Fixed | RHSA-2012:0508 | 23.04.2012 |
| Supplementary for Red Hat Enterprise Linux 6 | java-1.6.0-ibm | Fixed | RHSA-2012:0514 | 24.04.2012 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Уязвимость реализации класса AtomicReferenceArray компонента Concurrency программной платформы Java Runtime Environment, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.8 Medium
CVSS2