CVE-2012-5067 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update

CVE-2012-5067

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"

References

Vulnerable Configurations

cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-09-2017 - 01:35)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

oval via4

accepted

2013-06-03T04:02:44.458-04:00

class

vulnerability

contributors

name	Sergey Artykhov
organization	ALTX-SOFT

definition_extensions

comment	Java SE Runtime Environment 7 is installed
oval	oval:org.mitre.oval:def:16050

description

family

windows

oval:org.mitre.oval:def:16055

status

accepted

submitted

2013-04-17T10:26:26.748+04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2012:1391
rhsa
id RHSA-2012:1467

rpms

java-1.7.0-oracle-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-devel-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-javafx-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-jdbc-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-plugin-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-oracle-src-1:1.7.0.9-1jpp.3.el6_3
java-1.7.0-ibm-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-demo-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-devel-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-jdbc-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-plugin-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-src-1:1.7.0.3.0-1jpp.2.el6_3

refmap via4

bid	56070
confirm	http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
secunia	51326 51390
suse	SUSE-SU-2012:1398
xf	javaruntimeenvironment-deployment-info-disc(79429)

Last major update

19-09-2017 - 01:35

Published

16-10-2012 - 21:55

Last modified

19-09-2017 - 01:35