gsd-2012-5076
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2012-5076", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.", "id": "GSD-2012-5076", "references": [ "https://www.suse.com/security/cve/CVE-2012-5076.html", "https://access.redhat.com/errata/RHSA-2012:1467", "https://access.redhat.com/errata/RHSA-2012:1391", "https://access.redhat.com/errata/RHSA-2012:1386", "https://linux.oracle.com/cve/CVE-2012-5076.html", "https://packetstormsecurity.com/files/cve/CVE-2012-5076" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2012-5076" ], "details": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.", "id": "GSD-2012-5076", "modified": "2023-12-13T01:20:19.227588Z", "schema_version": "1.4.0" } }, "namespaces": { "cisa.gov": { "cveID": "CVE-2012-5076", "dateAdded": "2022-03-28", "dueDate": "2022-04-18", "product": "Java SE", "requiredAction": "Apply updates per vendor instructions.", "shortDescription": "The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE Sandbox Bypass Vulnerability" }, "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2012-5076", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2012:1398", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" }, { "name": "GLSA-201406-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "name": "RHSA-2012:1386", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html" }, { "name": "RHSA-2012:1391", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" }, { "name": "51029", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51029" }, { "name": "51390", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51390" }, { "name": "RHSA-2012:1467", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" }, { "name": "oval:org.mitre.oval:def:16641", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641" }, { "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" }, { "name": "51326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51326" } ] } }, "nvd.nist.gov": { "cve": { "cisaActionDue": "2022-04-18", "cisaExploitAdd": "2022-03-28", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Oracle Java SE Sandbox Bypass Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*", "matchCriteriaId": "DFAA351A-93CD-46A8-A480-CE2783CCD620", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS." }, { "lang": "es", "value": "Una vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE v7 Update 7 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad. Se trata de un problema relacionado con JAX-WS.\r\n" } ], "id": "CVE-2012-5076", "lastModified": "2024-04-26T16:07:14.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-16T21:55:02.073", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/51029" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/51326" }, { "source": "secalert_us@oracle.com", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/51390" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.