| VID |
50024 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 6 Update 35.
It, therefore, potentially contains two methods that do not properly restrict access to information about other classes. Specifically, the 'getField' and 'getMethod' methods in the 'sun.awt.SunToolkit' class provided by the bundled SunToolKit can be used to obtain any field or method of a class - even private fields and methods.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
http://www.oracle.com/technetwork/java/javase/6u35-relnotes-1835788.html
* Platforms Affected:
Oracle JDK / JRE prior to 6 Update 35
Microsoft Windows Any version
Linux Any version |
| Recommendation |
Update to JDK / JRE 6 Update 35 or later and remove if necessary any affected versions. |
| Related URL |
CVE-2012-0547 (CVE) |
| Related URL |
55339 (SecurityFocus) |
| Related URL |
(ISS) |
|
