Rapid7 VulnDB

RHSA-2012:1225: java-1.7.0-oracle security update

Back to Search

RHSA-2012:1225: java-1.7.0-oracle security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
08/27/2012
Created
07/25/2018
Added
09/17/2012
Modified
07/04/2017

Description

The Oracle Java 7 release includes the Oracle Java 7 Runtime Environmentand the Oracle Java 7 Software Development Kit.This update fixes several vulnerabilities in the Oracle Java 7 RuntimeEnvironment and the Oracle Java 7 Software Development Kit. Furtherinformation about these flaws can be found on the Oracle Java SE SecurityAlert page, listed in the References section. (CVE-2012-4681,CVE-2012-1682, CVE-2012-3136, CVE-2012-0547)Red Hat is aware that a public exploit for CVE-2012-4681 is available thatexecutes code without user interaction when a user visits a malicious webpage using a browser with the Oracle Java 7 web browser plug-in enabled.All users of java-1.7.0-oracle are advised to upgrade to these updatedpackages, which provide Oracle Java 7 Update 7 and resolve these issues.All running instances of Oracle Java must be restarted for the update totake effect.

Solution(s)

  • redhat-upgrade-java-1-7-0-oracle
  • redhat-upgrade-java-1-7-0-oracle-devel
  • redhat-upgrade-java-1-7-0-oracle-jdbc
  • redhat-upgrade-java-1-7-0-oracle-plugin
  • redhat-upgrade-java-1-7-0-oracle-src

References

  • redhat-upgrade-java-1-7-0-oracle
  • redhat-upgrade-java-1-7-0-oracle-devel
  • redhat-upgrade-java-1-7-0-oracle-jdbc
  • redhat-upgrade-java-1-7-0-oracle-plugin
  • redhat-upgrade-java-1-7-0-oracle-src

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;