10
CVE-2012-0507
- EPSS 93.78%
- Published 07.06.2012 22:55:17
- Last modified 11.04.2025 00:51:21
- Source secalert_us@oracle.com
- Teams watchlist Login
- Open Login
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Data is provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Java Version10 Updatesp4
Suse ≫ Linux Enterprise Java Version11 Updatesp1
Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwPlatformvmware
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp1
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp2
03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
VulnerabilityAn incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.78% | 0.999 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.