Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2012-0507
Last Modified 06 Feb 2014 11:37:44
Published 07 Jun 2012 06:55:17
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0507

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Vulnerable Systems

Application

  • Oracle Jre 1.6.0

  • Oracle Jre 1.7.0

  • Sun Jre 1.5.0

  • Sun Jre 1.6.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=788994

BID - 52161

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

MISC - http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3

MISC - http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/

MISC - http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx

SECUNIA - 48589

SECUNIA - 48692

SECUNIA - 48950

SECUNIA - 48948

SECUNIA - 48915

REDHAT - RHSA-2013:1455

DEBIAN - DSA-2420

Related Patches

Apple 2012-04-03 Java for Mac OS X 10.6 Update 7

Apple 2012-04-03 Java for OS X Lion 2012-001

Apple 2012-04-12 Java for OS X Lion 2012-003

Apple 2012-04-12 Java for Mac OS X 10.6 Update 8

Red Hat 2012:0322-01 RHSA Important: java-1.6.0-openjdk security update for RHEL 5 x86

Red Hat 2012:0322-01 RHSA Important: java-1.6.0-openjdk security update for RHEL 5 x86_64

Novell SUSE 2012:6225 java-1_6_0-ibm security update for SLES 11 SP1 i586

Novell SUSE 2012:6225 java-1_6_0-ibm security update for SLES 11 SP1 x86_64

Novell SUSE 2012:8094 java-1_6_0-ibm security update for SLES 10 SP4 i586

Novell SUSE 2012:8094 java-1_6_0-ibm security update for SLES 10 SP4 x86_64

Novell SUSE 2012:8100 java-1_5_0-ibm security update for SLE 10 SP4 i586

Novell SUSE 2012:8100 java-1_5_0-ibm security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:30