{"api_version":"1","generated_at":"2026-04-26T01:38:57+00:00","cve":"CVE-2012-4681","urls":{"html":"https://cve.report/CVE-2012-4681","api":"https://cve.report/api/cve/CVE-2012-4681.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-4681","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-4681"},"summary":{"title":"CVE-2012-4681","description":"Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using \"reflection with a trusted immediate caller\" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.","state":"PUBLISHED","assigner":"mitre","published_at":"2012-08-28 00:55:01","updated_at":"2026-04-21 18:38:11"},"problem_types":["NVD-CWE-Other","CWE-284","n/a","CWE-284 CWE-284 Improper Access Control"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/","name":"http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit"],"title":"New Java 0day exploited in the wild - Alienvault Labs","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=135109152819176&w=2","name":"http://marc.info/?l=bugtraq&m=135109152819176&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"],"title":"'[security bulletin] HPSBUX02824 SSRT100970 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day","name":"https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"],"title":"Metasploit: Let's start the week with a new Jav... | SecurityStreet","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1225.html","name":"http://rhn.redhat.com/errata/RHSA-2012-1225.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html","name":"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Alert for CVE-2012-4681","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html","name":"http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Malware Intelligence Lab from FireEye - Research & Analysis of Zero-Day & Advanced Targeted Threats:Zero-Day Season is Not Over Yet","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html","name":"http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"],"title":"DeepEnd Research: CVE-2012-4681 Java 7 0-Day vulnerability analysis","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/51044","name":"http://secunia.com/advisories/51044","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html","name":"http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"[security-announce] SUSE-SU-2012:1231-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html","name":"http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"Immunity Products: Java 0day analysis (CVE-2012-4681)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA12-240A.html","name":"http://www.us-cert.gov/cas/techalerts/TA12-240A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/55213","name":"http://www.securityfocus.com/bid/55213","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Oracle Java Runtime Environment Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-4681","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-4681","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html","name":"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"[security-announce] SUSE-SU-2012:1398-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-4681","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4681","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[{"source":"ADP","time":"2022-03-03T00:00:00.000Z","lang":"en","value":"CVE-2012-4681 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update14","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update15","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update16","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update17","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update18","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update19","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update20","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update21","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update22","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update23","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update24","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update25","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update26","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update27","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update29","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update30","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update31","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update32","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update33","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update34","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.6.0","cpe7":"update9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.7.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.7.0","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.7.0","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.7.0","cpe7":"update3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.7.0","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.7.0","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jdk","cpe6":"1.7.0","cpe7":"update6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update14","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update15","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update16","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update17","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update18","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update19","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update20","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update21","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update22","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update23","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update24","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update25","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update26","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update27","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update29","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update30","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update31","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update32","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update33","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update34","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.6.0","cpe7":"update9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.7.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.7.0","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.7.0","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.7.0","cpe7":"update3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.7.0","cpe7":"update4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.7.0","cpe7":"update5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"jre","cpe6":"1.7.0","cpe7":"update6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"6.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4681","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2012","cve_id":"4681","cve":"CVE-2012-4681","vendorProject":"Oracle","product":"Java SE","vulnerabilityName":"Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability","dateAdded":"2022-03-03","shortDescription":"The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-03-24","knownRansomwareCampaignUse":"Known","notes":"https://nvd.nist.gov/vuln/detail/CVE-2012-4681","cwes":"","catalogVersion":"2026.04.24","updated_at":"2026-04-24 17:59:34"},"epss":{"cve_year":"2012","cve_id":"4681","cve":"CVE-2012-4681","epss":"0.941400000","percentile":"0.999160000","score_date":"2026-04-25","updated_at":"2026-04-26 00:00:23"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T20:42:55.009Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html"},{"name":"SUSE-SU-2012:1398","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"},{"name":"SUSE-SU-2012:1231","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"},{"name":"TA12-240A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA12-240A.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/"},{"name":"SSRT100970","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=135109152819176&w=2"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html"},{"name":"RHSA-2012:1225","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2012-1225.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html"},{"name":"51044","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/51044"},{"name":"HPSBUX02824","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=135109152819176&w=2"},{"name":"55213","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/55213"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2012-4681","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-02-10T20:02:21.664658Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2022-03-03","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-4681"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-22T00:05:46.560Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-4681"}],"timeline":[{"lang":"en","time":"2022-03-03T00:00:00.000Z","value":"CVE-2012-4681 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-08-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using \"reflection with a trusted immediate caller\" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-04T09:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html"},{"name":"SUSE-SU-2012:1398","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"},{"name":"SUSE-SU-2012:1231","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"},{"name":"TA12-240A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA12-240A.html"},{"tags":["x_refsource_MISC"],"url":"http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/"},{"name":"SSRT100970","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=135109152819176&w=2"},{"tags":["x_refsource_MISC"],"url":"https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day"},{"tags":["x_refsource_MISC"],"url":"http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html"},{"name":"RHSA-2012:1225","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2012-1225.html"},{"tags":["x_refsource_MISC"],"url":"http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html"},{"name":"51044","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/51044"},{"name":"HPSBUX02824","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=135109152819176&w=2"},{"name":"55213","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/55213"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2012-4681","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using \"reflection with a trusted immediate caller\" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html","refsource":"MISC","url":"http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html"},{"name":"SUSE-SU-2012:1398","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"},{"name":"SUSE-SU-2012:1231","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"},{"name":"TA12-240A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA12-240A.html"},{"name":"http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/","refsource":"MISC","url":"http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/"},{"name":"SSRT100970","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=135109152819176&w=2"},{"name":"https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day","refsource":"MISC","url":"https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day"},{"name":"http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html","refsource":"MISC","url":"http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html"},{"name":"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html"},{"name":"RHSA-2012:1225","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2012-1225.html"},{"name":"http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html","refsource":"MISC","url":"http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html"},{"name":"51044","refsource":"SECUNIA","url":"http://secunia.com/advisories/51044"},{"name":"HPSBUX02824","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=135109152819176&w=2"},{"name":"55213","refsource":"BID","url":"http://www.securityfocus.com/bid/55213"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2012-4681","datePublished":"2012-08-28T00:00:00.000Z","dateReserved":"2012-08-27T00:00:00.000Z","dateUpdated":"2025-10-22T00:05:46.560Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2012-08-28 00:55:01","lastModifiedDate":"2026-04-21 18:38:11","problem_types":["NVD-CWE-Other","CWE-284","n/a","CWE-284 CWE-284 Improper Access Control"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*","matchCriteriaId":"4A420DA5-1346-446B-8D23-E1E6DDBE527E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*","matchCriteriaId":"B8CA8719-7ABE-4279-B49E-C414794A4FE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*","matchCriteriaId":"DC92B7EC-849F-4255-9D55-43681B8DADC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*","matchCriteriaId":"2ABC1045-7D3D-4A14-B994-7E60A4BB4C9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*","matchCriteriaId":"1F3C1E65-929A-4468-8584-F086E6E59839"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*","matchCriteriaId":"42C95C1D-0C2E-4733-AB1B-65650D88995D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*","matchCriteriaId":"47A9F499-D1E3-41BD-AC18-E8D3D3231C12"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*","matchCriteriaId":"D45B0D7E-BA0F-4AAA-A7BA-2ADA4CC90D94"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*","matchCriteriaId":"D58A3E4F-2409-440A-891E-0B84D79AB480"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*","matchCriteriaId":"3FC2226B-CFEF-48A4-83EA-1F59F4AF7528"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*","matchCriteriaId":"F29DC78F-4D02-47B4-A955-32080B22356C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*","matchCriteriaId":"81A4204E-6F50-45FB-A343-7A30C0CD6D3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*","matchCriteriaId":"D6E07069-D6EE-4D44-94A6-CDCA4A50E6F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*","matchCriteriaId":"4B151882-47C0-400E-BBAB-A949E6140C86"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*","matchCriteriaId":"6DB4F19E-DFC4-42F4-87B9-32FB1C496649"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*","matchCriteriaId":"301E96A3-AD2F-48F3-9166-571BD6F9FAE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*","matchCriteriaId":"6C9215D9-DB64-4CEE-85E6-E247035EFB09"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*","matchCriteriaId":"352509FE-54D9-4A59-98B7-96E5E98BC2CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*","matchCriteriaId":"C3EC13D3-4CE7-459C-A7D7-7D38C1284720"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*","matchCriteriaId":"8CDCD1B4-C5F3-4188-B05F-23922F7DE517"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*","matchCriteriaId":"1824DA2D-26D5-4595-8376-8E41AB8C5E52"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*","matchCriteriaId":"B72F78B7-10D1-49CF-AC4D-3B10921CB633"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*","matchCriteriaId":"344FA3EA-9E25-493C-976A-211D1404B251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*","matchCriteriaId":"60D05860-9424-4727-B583-74A35BC9BDFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*","matchCriteriaId":"F85DB431-FEA4-42E7-AC29-6B66174DCD9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*","matchCriteriaId":"FB7E911C-C780-440A-ABFF-CCE09061BB4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*","matchCriteriaId":"0381EE39-2F60-49FD-A63A-B9E81C9033CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*","matchCriteriaId":"9AD75455-B7F0-4F42-98E7-CAA43787D606"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update4:*:*:*:*:*:*","matchCriteriaId":"D081A380-5AA4-4451-94A9-7B65810106E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update5:*:*:*:*:*:*","matchCriteriaId":"112E7575-A3A0-4A94-AD39-7B2325B150B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update6:*:*:*:*:*:*","matchCriteriaId":"708E8CEF-82EE-4D4B-ABF9-87AA4878F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update7:*:*:*:*:*:*","matchCriteriaId":"D5D9D9A7-8819-44A4-80AC-52D6B63A0C9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update8:*:*:*:*:*:*","matchCriteriaId":"FEB2C8A3-E0DC-46A3-BD82-8E45DA55ED0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6.0:update9:*:*:*:*:*:*","matchCriteriaId":"64B5B16D-061A-438D-A8CF-9E63D6C748D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*","matchCriteriaId":"ACABC935-5DD6-4F85-992E-70AD517EF41D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*","matchCriteriaId":"6152036D-6421-4AE4-9223-766FE07B5A44"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*","matchCriteriaId":"D375CECB-405C-4E18-A7E8-9C5A2F97BD69"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*","matchCriteriaId":"52EEEA5A-E77C-43CF-A063-9D5C64EA1870"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*","matchCriteriaId":"003746F6-DEF0-4D0F-AD97-9E335868E301"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*","matchCriteriaId":"CF830E0E-0169-4B6A-81FF-2E9FCD7D913B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*","matchCriteriaId":"6BAE3670-0938-480A-8472-DFF0B3A0D0BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*","matchCriteriaId":"EB864346-1429-46B5-A91E-A1126C486421"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*","matchCriteriaId":"F199B346-B95E-4DCA-B750-148A36D559BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update10:*:*:*:*:*:*","matchCriteriaId":"D16229B8-1642-4C10-8650-A9CEA9D4C98C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*","matchCriteriaId":"1714BDEF-6B0E-42BB-9510-3F9B52E170BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*","matchCriteriaId":"830A3A51-F17A-4C61-8F5C-6A4582A64DA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*","matchCriteriaId":"9DE0E496-719D-4CEF-837F-B060A898099F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*","matchCriteriaId":"3B02F361-0C64-4CB8-8DAD-A63F1A9CC025"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*","matchCriteriaId":"FD4CC3E2-7BEA-4D8C-811C-C5012327A9AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*","matchCriteriaId":"9F63A8AC-893D-4D75-B467-85E70B62541D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*","matchCriteriaId":"D7823AE6-CB18-47DE-8A4F-1F98394B7237"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*","matchCriteriaId":"381EFA43-DB73-48EA-A4B1-F451EF60D845"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update19:*:*:*:*:*:*","matchCriteriaId":"77C54E00-0197-4C87-9BFF-01A099AC3006"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update2:*:*:*:*:*:*","matchCriteriaId":"64AD6007-EB92-4D0E-A0CB-8FFDDB61AA6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update20:*:*:*:*:*:*","matchCriteriaId":"7415177F-A2FE-47AB-8D92-194A4F6D75C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update21:*:*:*:*:*:*","matchCriteriaId":"52FA600C-08B6-4143-9C72-DB31E489DE3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*","matchCriteriaId":"EF13B96D-1F80-4672-8DA3-F86F6D3BF070"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*","matchCriteriaId":"D1A2D440-D966-41A6-955D-38B28DDE0FDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*","matchCriteriaId":"B1C57774-AD93-4162-8E45-92B09139C808"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*","matchCriteriaId":"CD7C4194-D34A-418F-9B00-5C6012844AAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*","matchCriteriaId":"DAF7D86B-1B4D-4E1F-9EF0-DA7E419D7E99"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*","matchCriteriaId":"F0B82FB1-0F0E-44F9-87AE-628517279E4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*","matchCriteriaId":"A0A67640-2F4A-488A-9D8F-3FE1F4DA8DEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update3:*:*:*:*:*:*","matchCriteriaId":"2752B83A-6DD2-4829-9E4F-42CDDCBC38C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*","matchCriteriaId":"0D60D98D-4363-44A0-AAB4-B61BA623EE21"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*","matchCriteriaId":"23CDA4F0-C32B-4B08-A377-7D4426C2F569"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*","matchCriteriaId":"8E76476E-4120-46A9-90A8-A95FE89636CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*","matchCriteriaId":"97A84689-0CED-404F-8DC3-708BEB37D2CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*","matchCriteriaId":"738EC3E5-A4EB-47FE-9C9A-7C8E8C669765"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update4:*:*:*:*:*:*","matchCriteriaId":"964CCFD6-316A-48C6-9A6B-7CFD1A1FB027"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update5:*:*:*:*:*:*","matchCriteriaId":"DC8771D7-9531-4A1D-B2DE-FAA7A7549801"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update6:*:*:*:*:*:*","matchCriteriaId":"6C59C275-5964-4E5D-BE80-BA4EA34BEA62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update7:*:*:*:*:*:*","matchCriteriaId":"47C1922B-37E8-4009-97C7-B243F6F96704"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6.0:update9:*:*:*:*:*:*","matchCriteriaId":"6B3A8681-3EAC-4D02-811A-5FCCCC7B5635"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*","matchCriteriaId":"DFAA351A-93CD-46A8-A480-CE2783CCD620"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*","matchCriteriaId":"F4B153FD-E20B-4909-8B10-884E48F5B590"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*","matchCriteriaId":"CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*","matchCriteriaId":"5831D70B-3854-4CB8-B88D-40F1743DAEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*","matchCriteriaId":"EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*","matchCriteriaId":"BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*","matchCriteriaId":"F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*","matchCriteriaId":"8382A145-CDD9-437E-9DE7-A349956778B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"4681","Ordinal":"1","Title":"CVE-2012-4681","CVE":"CVE-2012-4681","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"4681","Ordinal":"1","NoteData":"Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using \"reflection with a trusted immediate caller\" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.","Type":"Description","Title":"CVE-2012-4681"},{"CveYear":"2012","CveId":"4681","Ordinal":"2","NoteData":"2012-08-27","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"4681","Ordinal":"3","NoteData":"2017-08-04","Type":"Other","Title":"Modified"}]}}}