Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-0507

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Published

2012-06-07T22:55:17.883

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-843

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Operating System	debian	debian_linux	6.0	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	suse	linux_enterprise_desktop	10	Yes
Operating System	suse	linux_enterprise_java	10	Yes
Operating System	suse	linux_enterprise_java	11	Yes
Operating System	suse	linux_enterprise_server	10	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_software_development_kit	11	Yes
Operating System	suse	linux_enterprise_software_development_kit	11	Yes

References

http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx Third Party Advisory, Broken Link ([email protected])
http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/ Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html Issue Tracking, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133364885411663&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133364885411663&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133364885411663&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133364885411663&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133365109612558&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133365109612558&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133365109612558&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133365109612558&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133847939902305&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133847939902305&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133847939902305&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=133847939902305&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=134254866602253&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=134254957702612&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=134254957702612&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=134254957702612&w=2 Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=134254957702612&w=2 Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-0508.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-0514.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-1455.html Third Party Advisory ([email protected])
http://secunia.com/advisories/48589 Not Applicable, Broken Link ([email protected])
http://secunia.com/advisories/48692 Not Applicable, Broken Link ([email protected])
http://secunia.com/advisories/48915 Not Applicable, Broken Link ([email protected])
http://secunia.com/advisories/48948 Not Applicable, Broken Link ([email protected])
http://secunia.com/advisories/48950 Not Applicable, Broken Link ([email protected])
http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3 Exploit, Broken Link ([email protected])
http://www.debian.org/security/2012/dsa-2420 Mailing List, Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/52161 Exploit, Third Party Advisory, VDB Entry, Broken Link ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=788994 Issue Tracking ([email protected])
http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx Third Party Advisory, Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133364885411663&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133364885411663&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133364885411663&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133364885411663&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133365109612558&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133365109612558&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133365109612558&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133365109612558&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133847939902305&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133847939902305&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133847939902305&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=133847939902305&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=134254866602253&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=134254957702612&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=134254957702612&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=134254957702612&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=134254957702612&w=2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-0508.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-0514.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1455.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48589 Not Applicable, Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48692 Not Applicable, Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48915 Not Applicable, Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48948 Not Applicable, Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48950 Not Applicable, Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3 Exploit, Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2012/dsa-2420 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/52161 Exploit, Third Party Advisory, VDB Entry, Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=788994 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)