CVE-2012-0507

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency.  NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions.  NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Type Confusion
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| oracle | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score percentile: 99%
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| debian | debian_linux | 6.0 |
| debian | debian_linux | 7.0 |
Ubuntu Releases
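| Ubuntu Product | Codename | Status | Fixed version |
|---|---|---|---|
| icedtea-web | quantal | not-affected | |
| icedtea-web | precise | not-affected | |
| icedtea-web | oneiric | not-affected | |
| icedtea-web | natty | not-affected | |
| icedtea-web | maverick | dne | |
| icedtea-web | lucid | not-affected | |
| icedtea-web | hardy | dne | |
| openjdk-6 | quantal | not-affected | |
| openjdk-6 | precise | not-affected | |
| openjdk-6 | oneiric | released | 6b23~pre11-0ubuntu1.11.10.2 |
| openjdk-6 | natty | released | 6b22-1.10.6-0ubuntu1 |
| openjdk-6 | maverick | released | 6b20-1.9.13-0ubuntu1~10.10.1 |
| openjdk-6 | lucid | released | 6b20-1.9.13-0ubuntu1~10.04.1 |
| openjdk-6 | hardy | released | 6b27-1.12.3-0ubuntu1~08.04.1 |
| openjdk-6b18 | quantal | dne | |
| openjdk-6b18 | precise | dne | |
| openjdk-6b18 | oneiric | ignored | |
| openjdk-6b18 | natty | released | 6b18-1.8.13-0ubuntu1~11.04.1 |
| openjdk-6b18 | maverick | released | 6b18-1.8.13-0ubuntu1~10.10.1 |
| openjdk-6b18 | lucid | released | 6b18-1.8.13-0ubuntu1~10.04.1 |
| openjdk-6b18 | hardy | dne | |
| openjdk-7 | quantal | not-affected | |
| openjdk-7 | precise | not-affected | |
| openjdk-7 | oneiric | released | 7u9-2.3.3-0ubuntu1~11.10.1 |
| openjdk-7 | natty | dne | |
| openjdk-7 | maverick | dne | |
| openjdk-7 | lucid | dne | |
| openjdk-7 | hardy | dne | |
| sun-java5 | quantal | dne | |
| sun-java5 | precise | dne | |
| sun-java5 | oneiric | dne | |
| sun-java5 | natty | dne | |
| sun-java5 | maverick | dne | |
| sun-java5 | lucid | dne | |
| sun-java5 | hardy | ignored | |
| sun-java6 | quantal | dne | |
| sun-java6 | precise | dne | |
| sun-java6 | oneiric | dne | |
| sun-java6 | natty | dne | |
| sun-java6 | maverick | dne | |
| sun-java6 | lucid | dne | |
| sun-java6 | hardy | ignored | |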
References