ID CVE-2012-0501
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html 'Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)'
References
Vulnerable Configurations
  • cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 06-01-2018 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2015-03-23T04:00:47.542-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization DTCC
  • name Shane Shaffer
    organization G2, Inc.
  • name Dragos Prisaca
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Java SE Runtime Environment 5 is installed
    oval oval:org.mitre.oval:def:15748
  • comment Java SE Runtime Environment 6 is installed
    oval oval:org.mitre.oval:def:16362
  • comment Java SE Runtime Environment 7 is installed
    oval oval:org.mitre.oval:def:16050
description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
family windows
id oval:org.mitre.oval:def:15069
status accepted
submitted 2012-02-17T15:24:38.000-05:00
title Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
version 12
redhat via4
advisories
  • rhsa
    id RHSA-2012:0508
  • rhsa
    id RHSA-2012:0514
  • rhsa
    id RHSA-2013:1455
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.43.1.10.6.el6_2
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.43.1.10.6.el6_2
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.43.1.10.6.el6_2
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.43.1.10.6.el6_2
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.43.1.10.6.el6_2
  • java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.25.1.10.6.el5_8
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.25.1.10.6.el5_8
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.25.1.10.6.el5_8
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.25.1.10.6.el5_8
refmap via4
bid 52013
confirm
debian DSA-2420
gentoo GLSA-201406-32
hp
  • HPSBMU02797
  • HPSBMU02799
  • HPSBUX02757
  • HPSBUX02760
  • HPSBUX02784
  • SSRT100779
  • SSRT100805
  • SSRT100867
  • SSRT100871
mandriva MDVSA-2013:150
secunia
  • 48073
  • 48074
  • 48589
  • 48692
  • 48915
  • 48948
  • 48950
suse
  • SUSE-SU-2012:0602
  • SUSE-SU-2012:0603
Last major update 06-01-2018 - 02:29
Published 15-02-2012 - 22:55
Back to Top