10

CVE-2012-0507

Warnung
Exploit

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency.  NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions.  NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJre Version1.5.0 Update-
SunJre Version1.5.0 Updateupdate1
SunJre Version1.5.0 Updateupdate10
SunJre Version1.5.0 Updateupdate11
SunJre Version1.5.0 Updateupdate12
SunJre Version1.5.0 Updateupdate13
SunJre Version1.5.0 Updateupdate14
SunJre Version1.5.0 Updateupdate15
SunJre Version1.5.0 Updateupdate16
SunJre Version1.5.0 Updateupdate17
SunJre Version1.5.0 Updateupdate18
SunJre Version1.5.0 Updateupdate19
SunJre Version1.5.0 Updateupdate2
SunJre Version1.5.0 Updateupdate20
SunJre Version1.5.0 Updateupdate21
SunJre Version1.5.0 Updateupdate22
SunJre Version1.5.0 Updateupdate23
SunJre Version1.5.0 Updateupdate24
SunJre Version1.5.0 Updateupdate25
SunJre Version1.5.0 Updateupdate26
SunJre Version1.5.0 Updateupdate27
SunJre Version1.5.0 Updateupdate28
SunJre Version1.5.0 Updateupdate29
SunJre Version1.5.0 Updateupdate3
SunJre Version1.5.0 Updateupdate31
SunJre Version1.5.0 Updateupdate33
SunJre Version1.5.0 Updateupdate4
SunJre Version1.5.0 Updateupdate5
SunJre Version1.5.0 Updateupdate6
SunJre Version1.5.0 Updateupdate7
SunJre Version1.5.0 Updateupdate8
SunJre Version1.5.0 Updateupdate9
OracleJre Version1.6.0 Updateupdate22
OracleJre Version1.6.0 Updateupdate23
OracleJre Version1.6.0 Updateupdate24
OracleJre Version1.6.0 Updateupdate25
OracleJre Version1.6.0 Updateupdate26
OracleJre Version1.6.0 Updateupdate27
OracleJre Version1.6.0 Updateupdate29
OracleJre Version1.6.0 Updateupdate30
SunJre Version1.6.0 Update-
SunJre Version1.6.0 Updateupdate_1
SunJre Version1.6.0 Updateupdate_10
SunJre Version1.6.0 Updateupdate_11
SunJre Version1.6.0 Updateupdate_12
SunJre Version1.6.0 Updateupdate_13
SunJre Version1.6.0 Updateupdate_14
SunJre Version1.6.0 Updateupdate_15
SunJre Version1.6.0 Updateupdate_16
SunJre Version1.6.0 Updateupdate_17
SunJre Version1.6.0 Updateupdate_18
SunJre Version1.6.0 Updateupdate_19
SunJre Version1.6.0 Updateupdate_2
SunJre Version1.6.0 Updateupdate_20
SunJre Version1.6.0 Updateupdate_21
SunJre Version1.6.0 Updateupdate_3
SunJre Version1.6.0 Updateupdate_4
SunJre Version1.6.0 Updateupdate_5
SunJre Version1.6.0 Updateupdate_6
SunJre Version1.6.0 Updateupdate_7
OracleJre Version1.7.0 Update-
OracleJre Version1.7.0 Updateupdate1
OracleJre Version1.7.0 Updateupdate2
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
SuseLinux Enterprise Desktop Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Java Version10 Updatesp4
SuseLinux Enterprise Java Version11 Updatesp1
SuseLinux Enterprise Server Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Server Version11 Updatesp1 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp1 SwPlatformvmware
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatform-

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

Schwachstelle

An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 93.78% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

http://secunia.com/advisories/48692
Broken Link
Not Applicable
http://secunia.com/advisories/48915
Broken Link
Not Applicable
http://secunia.com/advisories/48948
Broken Link
Not Applicable
http://secunia.com/advisories/48589
Broken Link
Not Applicable
http://secunia.com/advisories/48950
Broken Link
Not Applicable
http://www.debian.org/security/2012/dsa-2420
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/52161
Third Party Advisory
Exploit
Broken Link
VDB Entry