This discussion is archived
0 Replies Latest reply: Sep 28, 2012 4:11 PM by user467396 - oracle RSS

CVE-2012-X

user467396 - oracle Newbie
Currently Being Moderated
SecLists claims to have "discovered yet another security vulnerability" http://seclists.org/bugtraq/2012/Sep/109. It is unclear to me if they are talking about a vulnerability in addition to CVE-2012-4681 and whether the findings will be bundled into CVE-2012-4681. I intend to inquire internally whether exploitable code exists for any vulnerabilities subsequent to -4681. There does not seem to be a new CVE number associated with seclist's finding.

I'm also hoping to open some forum discussion to help us understand better the scope of the threat. The CVE-2012-4681 references the Oracle press release which indicates "These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications" http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html. Why would only browser clients be vulnerable? Wouldn't standalone clients that might attempt to retrieve a URL that may contain malicious code also be at risk?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points