CVE-2012-5076

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1386.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1391.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1467.html	Third Party Advisory
http://secunia.com/advisories/51029	Not Applicable
http://secunia.com/advisories/51326	Not Applicable
http://secunia.com/advisories/51390	Not Applicable
http://security.gentoo.org/glsa/glsa-201406-32.xml	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jre:1.7.0:-::::::
	cpe:2.3:a:oracle:jre:1.7.0:update1::::::
	cpe:2.3:a:oracle:jre:1.7.0:update2::::::
	cpe:2.3:a:oracle:jre:1.7.0:update3::::::
	cpe:2.3:a:oracle:jre:1.7.0:update4::::::
	cpe:2.3:a:oracle:jre:1.7.0:update5::::::
	cpe:2.3:a:oracle:jre:1.7.0:update6::::::
	cpe:2.3:a:oracle:jre:1.7.0:update7::::::

Configuration 2 (hide)

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

History

No history.

Information

Published : 2012-10-16 21:55

Updated : 2024-04-26 16:07

NVD link : CVE-2012-5076

Mitre link : CVE-2012-5076

CVE.ORG link : CVE-2012-5076

JSON object : View

Products Affected

suse

linux_enterprise_desktop

oracle

jre

CWE

NVD-CWE-noinfo

{"id": "CVE-2012-5076", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-10-16T21:55:02.073", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/51029", "tags": ["Not Applicable"], "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/51326", "tags": ["Not Applicable"], "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/51390", "tags": ["Not Applicable"], "source": "secalert_us@oracle.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641", "tags": ["Broken Link"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE v7 Update 7 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad. Se trata de un problema relacionado con JAX-WS.\r\n"}], "lastModified": "2024-04-26T16:07:14.687", "cisaActionDue": "2022-04-18", "cisaExploitAdd": "2022-03-28", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFAA351A-93CD-46A8-A480-CE2783CCD620"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Oracle Java SE Sandbox Bypass Vulnerability"}