Vulnerability Details CVE-2012-5076
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.925
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Ransomware Campaign
Unknown
References
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2012-1386.html
- http://rhn.redhat.com/errata/RHSA-2012-1391.html
- http://rhn.redhat.com/errata/RHSA-2012-1467.html
- http://secunia.com/advisories/51029
- http://secunia.com/advisories/51326
- http://secunia.com/advisories/51390
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2012-1386.html
- http://rhn.redhat.com/errata/RHSA-2012-1391.html
- http://rhn.redhat.com/errata/RHSA-2012-1467.html
- http://secunia.com/advisories/51029
- http://secunia.com/advisories/51326
- http://secunia.com/advisories/51390
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
Products affected by CVE-2012-5076
-
cpe:2.3:a:oracle:jre:1.7.0
-
cpe:2.3:o:suse:linux_enterprise_desktop:11