CVE-2012-5070

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
http://rhn.redhat.com/errata/RHSA-2012-1386.html
http://rhn.redhat.com/errata/RHSA-2012-1391.html
http://rhn.redhat.com/errata/RHSA-2012-1467.html
http://secunia.com/advisories/51029
http://secunia.com/advisories/51326
http://secunia.com/advisories/51390
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/56079
https://exchange.xforce.ibmcloud.com/vulnerabilities/79430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16093

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jdk::update7::::::*
	cpe:2.3:a:oracle:jdk:1.7.0:::::::*
	cpe:2.3:a:oracle:jdk:1.7.0:update1::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update2::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update3::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update4::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update5::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update6::::::
	cpe:2.3:a:oracle:jre::update7::::::*
	cpe:2.3:a:oracle:jre:1.7.0:::::::*
	cpe:2.3:a:oracle:jre:1.7.0:update1::::::
	cpe:2.3:a:oracle:jre:1.7.0:update2::::::
	cpe:2.3:a:oracle:jre:1.7.0:update3::::::
	cpe:2.3:a:oracle:jre:1.7.0:update4::::::
	cpe:2.3:a:oracle:jre:1.7.0:update5::::::
	cpe:2.3:a:oracle:jre:1.7.0:update6::::::

History

No history.

Information

Published : 2012-10-16 21:55

Updated : 2017-09-19 01:35

NVD link : CVE-2012-5070

Mitre link : CVE-2012-5070

CVE.ORG link : CVE-2012-5070

JSON object : View

Products Affected

oracle

jre
jdk

CWE

NVD-CWE-noinfo

{"id": "CVE-2012-5070", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-10-16T21:55:01.760", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/51029", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/51326", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/51390", "source": "secalert_us@oracle.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/56079", "source": "secalert_us@oracle.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79430", "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16093", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 permite a atacantes remotos afectar la confidencialidad a trav\u00e9s de vectores desconocidos relacionados con JMX.\r\n"}], "lastModified": "2017-09-19T01:35:24.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:*:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADD9674C-3207-4D8D-A9C3-2EA53E33532B", "versionEndIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF"}, {"criteria": "cpe:2.3:a:oracle:jre:*:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC59C00-DFD8-404D-82C6-751C470D7B66", "versionEndIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\r\n\r\n\"Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)\"", "sourceIdentifier": "secalert_us@oracle.com"}