Back to search

Oracle Security Alert: Java Runtime Environment AWT vulnerability (CVE-2012-0547)

Severity CVSS Published Added Modified
1 (AV:N/AC:L/Au:N/C:N/I:N/A:N) August 30, 2012 August 31, 2012 November 01, 2013

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

  • Oracle JRE >= 1.6.0.0 and < 1.6.0.35

    Upgrade to Oracle Java version 1.6.0.35

    Upgrade your copy of the Java Runtime Environment to 1.6.0.35, which can be downloaded from here.

  • Oracle JRE >= 1.7.0.0 and < 1.7.0.7

    Upgrade to Oracle Java version 1.7.0.7

    Upgrade your copy of the Java Runtime Environment to 1.7.0.7, which can be downloaded from here.

Related Vulnerabilities