Vulnerability-Lookup

CVE-2012-5076 (GCVE-0-2012-5076)

Vulnerability from cvelistv5 – Published: 2012-10-16 21:29 – Updated: 2025-10-22 00:05

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

oracle

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://security.gentoo.org/glsa/glsa-201406-32.xml	vendor-advisoryx_refsource_GENTOO
	http://rhn.redhat.com/errata/RHSA-2012-1386.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2012-1391.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/51029	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/51390	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-1467.html	vendor-advisoryx_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/51326	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:58:01.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2012:1398",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "RHSA-2012:1386",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
          },
          {
            "name": "RHSA-2012:1391",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
          },
          {
            "name": "51029",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51029"
          },
          {
            "name": "51390",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51390"
          },
          {
            "name": "RHSA-2012:1467",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
          },
          {
            "name": "oval:org.mitre.oval:def:16641",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
          },
          {
            "name": "51326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51326"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2012-5076",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T19:52:51.647416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-28",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5076"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:46.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5076"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-28T00:00:00.000Z",
            "value": "CVE-2012-5076 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "SUSE-SU-2012:1398",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "RHSA-2012:1386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
        },
        {
          "name": "RHSA-2012:1391",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
        },
        {
          "name": "51029",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51029"
        },
        {
          "name": "51390",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51390"
        },
        {
          "name": "RHSA-2012:1467",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
        },
        {
          "name": "oval:org.mitre.oval:def:16641",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
        },
        {
          "name": "51326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51326"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2012-5076",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2012:1398",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "RHSA-2012:1386",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
            },
            {
              "name": "RHSA-2012:1391",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
            },
            {
              "name": "51029",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51029"
            },
            {
              "name": "51390",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51390"
            },
            {
              "name": "RHSA-2012:1467",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
            },
            {
              "name": "oval:org.mitre.oval:def:16641",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
            },
            {
              "name": "51326",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51326"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2012-5076",
    "datePublished": "2012-10-16T21:29:00.000Z",
    "dateReserved": "2012-09-22T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:46.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2012-5076",
      "dateAdded": "2022-03-28",
      "dueDate": "2022-04-18",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2012-5076",
      "product": "Java SE",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.",
      "vendorProject": "Oracle",
      "vulnerabilityName": "Oracle Java SE Sandbox Bypass Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html\", \"name\": \"SUSE-SU-2012:1398\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201406-32.xml\", \"name\": \"GLSA-201406-32\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1386.html\", \"name\": \"RHSA-2012:1386\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1391.html\", \"name\": \"RHSA-2012:1391\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/51029\", \"name\": \"51029\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/51390\", \"name\": \"51390\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1467.html\", \"name\": \"RHSA-2012:1467\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641\", \"name\": \"oval:org.mitre.oval:def:16641\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/51326\", \"name\": \"51326\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T20:58:01.707Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2012-5076\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-10T19:52:51.647416Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-28\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5076\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-28T00:00:00.000Z\", \"value\": \"CVE-2012-5076 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5076\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-10T19:53:13.368Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2012-10-16T00:00:00.000Z\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html\", \"name\": \"SUSE-SU-2012:1398\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201406-32.xml\", \"name\": \"GLSA-201406-32\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1386.html\", \"name\": \"RHSA-2012:1386\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1391.html\", \"name\": \"RHSA-2012:1391\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://secunia.com/advisories/51029\", \"name\": \"51029\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://secunia.com/advisories/51390\", \"name\": \"51390\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1467.html\", \"name\": \"RHSA-2012:1467\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641\", \"name\": \"oval:org.mitre.oval:def:16641\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://secunia.com/advisories/51326\", \"name\": \"51326\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2017-09-18T12:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html\", \"name\": \"SUSE-SU-2012:1398\", \"refsource\": \"SUSE\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201406-32.xml\", \"name\": \"GLSA-201406-32\", \"refsource\": \"GENTOO\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1386.html\", \"name\": \"RHSA-2012:1386\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1391.html\", \"name\": \"RHSA-2012:1391\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://secunia.com/advisories/51029\", \"name\": \"51029\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://secunia.com/advisories/51390\", \"name\": \"51390\", \"refsource\": \"SECUNIA\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-1467.html\", \"name\": \"RHSA-2012:1467\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641\", \"name\": \"oval:org.mitre.oval:def:16641\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\", \"name\": \"http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://secunia.com/advisories/51326\", \"name\": \"51326\", \"refsource\": \"SECUNIA\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2012-5076\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2012-5076\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:46.105Z\", \"dateReserved\": \"2012-09-22T00:00:00.000Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2012-10-16T21:29:00.000Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTA-2012-AVI-576

Vulnerability from certfr_avis - Published: 2012-10-17 - Updated: 2012-10-17

Trente vulnérabilités ont été corrigées dans Oracle Java. Vingt-neuf permettent d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle JavaFX 2.2 et antérieures
Oracle	N/A	Oracle JDK et JRE 6 (mise à jour 35) et antérieures
Oracle	N/A	Oracle JDK et JRE 7 (mise à jour 7) et antérieures
Oracle	N/A	Oracle JDK et JRE 5.0 (mise à jour 36) et antérieures
Oracle	N/A	Oracle SDK et JRE 1.4.2_38 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle du 16 octobre 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle JavaFX 2.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JDK et JRE 6 (mise \u00e0 jour 35) et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JDK et JRE 7 (mise \u00e0 jour 7) et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JDK et JRE 5.0 (mise \u00e0 jour 36) et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle SDK et JRE 1.4.2_38 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-5078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5078"
    },
    {
      "name": "CVE-2012-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3159"
    },
    {
      "name": "CVE-2012-1533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1533"
    },
    {
      "name": "CVE-2012-1531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1531"
    },
    {
      "name": "CVE-2012-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3216"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2012-5083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5083"
    },
    {
      "name": "CVE-2012-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5077"
    },
    {
      "name": "CVE-2012-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5072"
    },
    {
      "name": "CVE-2012-5079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5079"
    },
    {
      "name": "CVE-2012-5075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5075"
    },
    {
      "name": "CVE-2012-5071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5071"
    },
    {
      "name": "CVE-2012-5086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5086"
    },
    {
      "name": "CVE-2012-5088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5088"
    },
    {
      "name": "CVE-2012-5067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5067"
    },
    {
      "name": "CVE-2012-5074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5074"
    },
    {
      "name": "CVE-2012-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5073"
    },
    {
      "name": "CVE-2012-5070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5070"
    },
    {
      "name": "CVE-2012-5084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5084"
    },
    {
      "name": "CVE-2012-5080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5080"
    },
    {
      "name": "CVE-2012-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5089"
    },
    {
      "name": "CVE-2012-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
    },
    {
      "name": "CVE-2012-5087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5087"
    },
    {
      "name": "CVE-2012-4681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4681"
    },
    {
      "name": "CVE-2012-5069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5069"
    },
    {
      "name": "CVE-2012-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5068"
    },
    {
      "name": "CVE-2012-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4416"
    },
    {
      "name": "CVE-2012-5082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5082"
    },
    {
      "name": "CVE-2012-5085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5085"
    },
    {
      "name": "CVE-2012-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1532"
    },
    {
      "name": "CVE-2012-5076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5076"
    }
  ],
  "initial_release_date": "2012-10-17T00:00:00",
  "last_revision_date": "2012-10-17T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-576",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Trente vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eOracle\nJava\u003c/span\u003e. Vingt-neuf permettent d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2012",
      "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
    }
  ]
}

CERTA-2012-AVI-714

Vulnerability from certfr_avis - Published: 2012-12-11 - Updated: 2012-12-11

De multiples vulnérabilités ont été corrigées dans IBM Rational. Elles concernent les composants Java JRE et peuvent mener un utilisateur malintentionné à exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	N/A	IBM Rational Service versions antérieures à 8.3.0.1
	IBM	N/A	IBM Rational Performance versions antérieures à 8.3.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité swg21617321 du 07 décembre 2012	None	vendor-advisory
Bulletin de sécurité IBM swg21617323 du 07 décembre 2012	None	vendor-advisory
Bulletin de sécurité IBM swg21617321 du 07 décembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Rational Service versions ant\u00e9rieures \u00e0 8.3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Performance versions ant\u00e9rieures \u00e0 8.3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3159"
    },
    {
      "name": "CVE-2012-1533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1533"
    },
    {
      "name": "CVE-2012-1531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1531"
    },
    {
      "name": "CVE-2012-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3216"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2012-5083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5083"
    },
    {
      "name": "CVE-2012-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5077"
    },
    {
      "name": "CVE-2012-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5072"
    },
    {
      "name": "CVE-2012-5079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5079"
    },
    {
      "name": "CVE-2012-5075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5075"
    },
    {
      "name": "CVE-2012-5071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5071"
    },
    {
      "name": "CVE-2012-5086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5086"
    },
    {
      "name": "CVE-2012-5088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5088"
    },
    {
      "name": "CVE-2012-5067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5067"
    },
    {
      "name": "CVE-2012-5074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5074"
    },
    {
      "name": "CVE-2012-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5073"
    },
    {
      "name": "CVE-2012-5070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5070"
    },
    {
      "name": "CVE-2012-5084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5084"
    },
    {
      "name": "CVE-2012-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5089"
    },
    {
      "name": "CVE-2012-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
    },
    {
      "name": "CVE-2012-5087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5087"
    },
    {
      "name": "CVE-2012-5069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5069"
    },
    {
      "name": "CVE-2012-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5068"
    },
    {
      "name": "CVE-2012-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4416"
    },
    {
      "name": "CVE-2012-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1532"
    },
    {
      "name": "CVE-2012-5076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5076"
    }
  ],
  "initial_release_date": "2012-12-11T00:00:00",
  "last_revision_date": "2012-12-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617321 du 07 d\u00e9cembre 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617321"
    }
  ],
  "reference": "CERTA-2012-AVI-714",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Rational\u003c/span\u003e. Elles concernent les composants\n\u003cspan class=\"textit\"\u003eJava JRE\u003c/span\u003e et peuvent mener un utilisateur\nmalintentionn\u00e9 \u00e0 ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Rational",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 swg21617321 du 07 d\u00e9cembre 2012",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617323 du 07 d\u00e9cembre 2012",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617323"
    }
  ]
}

FKIE_CVE-2012-5076

Vulnerability from fkie_nvd - Published: 2012-10-16 21:55 - Updated: 2025-10-22 01:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert_us@oracle.com	http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	http://rhn.redhat.com/errata/RHSA-2012-1386.html	Third Party Advisory
secalert_us@oracle.com	http://rhn.redhat.com/errata/RHSA-2012-1391.html	Third Party Advisory
secalert_us@oracle.com	http://rhn.redhat.com/errata/RHSA-2012-1467.html	Third Party Advisory
secalert_us@oracle.com	http://secunia.com/advisories/51029	Not Applicable
secalert_us@oracle.com	http://secunia.com/advisories/51326	Not Applicable
secalert_us@oracle.com	http://secunia.com/advisories/51390	Not Applicable
secalert_us@oracle.com	http://security.gentoo.org/glsa/glsa-201406-32.xml	Third Party Advisory
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html	Patch, Vendor Advisory
secalert_us@oracle.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1386.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1391.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1467.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51029	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51326	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51390	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201406-32.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641	Broken Link
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5076

Impacted products

Vendor	Product	Version
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
suse	linux_enterprise_desktop	11

JSON

To clipboard

{
  "cisaActionDue": "2022-04-18",
  "cisaExploitAdd": "2022-03-28",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Oracle Java SE Sandbox Bypass Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "DFAA351A-93CD-46A8-A480-CE2783CCD620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE v7 Update 7 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad. Se trata de un problema relacionado con JAX-WS.\r\n"
    }
  ],
  "id": "CVE-2012-5076",
  "lastModified": "2025-10-22T01:15:45.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2012-10-16T21:55:02.073",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/51029"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/51326"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/51390"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/51029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/51326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/51390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5076"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-V7GG-CCCR-JPFX

Vulnerability from github – Published: 2022-05-17 00:57 – Updated: 2025-10-22 03:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-5076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-10-16T21:55:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.",
  "id": "GHSA-v7gg-cccr-jpfx",
  "modified": "2025-10-22T03:30:32Z",
  "published": "2022-05-17T00:57:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5076"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5076"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51029"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51326"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51390"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2012-5076

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-5076

Aliases

CVE-2012-5076

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-5076",
    "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.",
    "id": "GSD-2012-5076",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-5076.html",
      "https://access.redhat.com/errata/RHSA-2012:1467",
      "https://access.redhat.com/errata/RHSA-2012:1391",
      "https://access.redhat.com/errata/RHSA-2012:1386",
      "https://linux.oracle.com/cve/CVE-2012-5076.html",
      "https://packetstormsecurity.com/files/cve/CVE-2012-5076"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-5076"
      ],
      "details": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.",
      "id": "GSD-2012-5076",
      "modified": "2023-12-13T01:20:19.227588Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2012-5076",
      "dateAdded": "2022-03-28",
      "dueDate": "2022-04-18",
      "product": "Java SE",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.",
      "vendorProject": "Oracle",
      "vulnerabilityName": "Oracle Java SE Sandbox Bypass Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2012-5076",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SUSE-SU-2012:1398",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
          },
          {
            "name": "GLSA-201406-32",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "RHSA-2012:1386",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
          },
          {
            "name": "RHSA-2012:1391",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
          },
          {
            "name": "51029",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/51029"
          },
          {
            "name": "51390",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/51390"
          },
          {
            "name": "RHSA-2012:1467",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
          },
          {
            "name": "oval:org.mitre.oval:def:16641",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
          },
          {
            "name": "51326",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/51326"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2022-04-18",
        "cisaExploitAdd": "2022-03-28",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Oracle Java SE Sandbox Bypass Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "DFAA351A-93CD-46A8-A480-CE2783CCD620",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*",
                    "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*",
                    "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*",
                    "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*",
                    "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*",
                    "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*",
                    "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*",
                    "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
                    "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS."
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE v7 Update 7 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad. Se trata de un problema relacionado con JAX-WS.\r\n"
          }
        ],
        "id": "CVE-2012-5076",
        "lastModified": "2024-04-26T16:07:14.687",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ]
        },
        "published": "2012-10-16T21:55:02.073",
        "references": [
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Not Applicable"
            ],
            "url": "http://secunia.com/advisories/51029"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Not Applicable"
            ],
            "url": "http://secunia.com/advisories/51326"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Not Applicable"
            ],
            "url": "http://secunia.com/advisories/51390"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Broken Link"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
          }
        ],
        "sourceIdentifier": "secalert_us@oracle.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-5076 (GCVE-0-2012-5076)

CERTA-2012-AVI-576

Solution

CERTA-2012-AVI-714

Solution

FKIE_CVE-2012-5076

GHSA-V7GG-CCCR-JPFX

GSD-2012-5076

Tags

Sightings

Nomenclature