CVE-2012-0507
CRITICAL
9,8
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
10,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9365
Percentile
1,0th
Updated
EPSS Score Trend (Last 91 Days)
843
Access of Resource Using Incompatible Type ('Type Confusion')
IncompleteCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Potential Impacts:
Read Memory
Modify Memory
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Applicable Platforms
Languages:
C, C++
Exploit
Java - AtomicReferenceArray Type Violation (Metasploit)
Verified Metasploit Framework (MSF)Java - AtomicReferenceArray Type Violation (Metasploit)
View Exploit Code →
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Java by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Desktop by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Software Development Kit by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Java by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_java:11:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Server by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Server by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Server by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Server by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Enterprise Software Development Kit by Suse
CPE Identifier
View Detailed Analysis
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Jre by Sun
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012…
http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-s…
http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
http://marc.info/?l=bugtraq&m=133364885411663&w=2
http://marc.info/?l=bugtraq&m=133365109612558&w=2
http://marc.info/?l=bugtraq&m=133847939902305&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://rhn.redhat.com/errata/RHSA-2012-0508.html
http://rhn.redhat.com/errata/RHSA-2012-0514.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
https://bugzilla.redhat.com/show_bug.cgi?id=788994
http://secunia.com/advisories/48589
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/48950
http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3
http://www.debian.org/security/2012/dsa-2420
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
http://www.securityfocus.com/bid/52161
http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-s…
http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
http://marc.info/?l=bugtraq&m=133364885411663&w=2
http://marc.info/?l=bugtraq&m=133365109612558&w=2
http://marc.info/?l=bugtraq&m=133847939902305&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://rhn.redhat.com/errata/RHSA-2012-0508.html
http://rhn.redhat.com/errata/RHSA-2012-0514.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
https://bugzilla.redhat.com/show_bug.cgi?id=788994
http://secunia.com/advisories/48589
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/48950
http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3
http://www.debian.org/security/2012/dsa-2420
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
http://www.securityfocus.com/bid/52161