CVE-2012-4823
Description
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoader defineClass() method."
Mitigations
Vendor advisory: psirt@us.ibm.com — https://www-304.ibm.com/support/docview.wss?uid=swg21616546
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21621154
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616708
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616652
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616617
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616616
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616594
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616490
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21615800
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21615705
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687
References
- http://rhn.redhat.com/errata/RHSA-2012-1466.html
- http://rhn.redhat.com/errata/RHSA-2012-1467.html
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://rhn.redhat.com/errata/RHSA-2013-1456.html
- http://seclists.org/bugtraq/2012/Sep/38
- http://secunia.com/advisories/51326
- http://secunia.com/advisories/51327
- http://secunia.com/advisories/51634
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687
- http://www-01.ibm.com/support/docview.wss?uid=swg21615705
- http://www-01.ibm.com/support/docview.wss?uid=swg21615800
- http://www-01.ibm.com/support/docview.wss?uid=swg21616490
- http://www-01.ibm.com/support/docview.wss?uid=swg21616594
- http://www-01.ibm.com/support/docview.wss?uid=swg21616616
- http://www-01.ibm.com/support/docview.wss?uid=swg21616617
- http://www-01.ibm.com/support/docview.wss?uid=swg21616652
- http://www-01.ibm.com/support/docview.wss?uid=swg21616708
- http://www-01.ibm.com/support/docview.wss?uid=swg21621154
- http://www.securityfocus.com/bid/55495
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78767
- https://www-304.ibm.com/support/docview.wss?uid=swg21616546