CVE-2012-5080

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078.

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/56068	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/79439
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16221

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:javafx::::::::
	cpe:2.3:a:oracle:javafx:1.2:::::::*
	cpe:2.3:a:oracle:javafx:1.2.2:::::::*
	cpe:2.3:a:oracle:javafx:1.2.3:::::::*
	cpe:2.3:a:oracle:javafx:1.3.0:::::::*
	cpe:2.3:a:oracle:javafx:1.3.1:::::::*
	cpe:2.3:a:oracle:javafx:2.0:::::::*
	cpe:2.3:a:oracle:javafx:2.0.2:::::::*
	cpe:2.3:a:oracle:javafx:2.0.3:::::::*
	cpe:2.3:a:oracle:javafx:2.1:::::::*

Configuration 2 (hide)

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

History

No history.

Information

Published : 2012-10-16 21:55

Updated : 2017-09-19 01:35

NVD link : CVE-2012-5080

Mitre link : CVE-2012-5080

CVE.ORG link : CVE-2012-5080

JSON object : View

Products Affected

suse

linux_enterprise_desktop

oracle

javafx

CWE

NVD-CWE-noinfo

{"id": "CVE-2012-5080", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-10-16T21:55:02.227", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/56068", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79439", "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16221", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente JavaFX en Oracle Java SE JavaFX 2.2 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2012-5078."}], "lastModified": "2017-09-19T01:35:25.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:javafx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66D9DE78-8488-4E1C-86CB-00C614B2A6FB", "versionEndIncluding": "2.2"}, {"criteria": "cpe:2.3:a:oracle:javafx:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "855EE6EA-E83A-44ED-9B55-5443DC43C09C"}, {"criteria": "cpe:2.3:a:oracle:javafx:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F2D2905-5599-4981-AA20-76D7BB94D321"}, {"criteria": "cpe:2.3:a:oracle:javafx:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88A002E2-FE19-48E3-B899-1DA0B04A44D6"}, {"criteria": "cpe:2.3:a:oracle:javafx:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC888EE-3C31-403A-B91B-1F7502900AF1"}, {"criteria": "cpe:2.3:a:oracle:javafx:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC21B373-8BE0-4D00-B2C0-9F600C718380"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64BDB79F-96E0-43A4-81CD-BADF0B039006"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC0E861D-AEBC-46EF-8CA6-CF7DE2518DB6"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB4477BB-9B0A-4874-9A5B-1B6193DC94E4"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBA3A1CE-1531-426A-A600-4DD6FB63D01A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\r\n\r\n\"Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)\"", "sourceIdentifier": "secalert_us@oracle.com"}