ID CVE-2012-5088
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 19-09-2017 - 01:35)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-06-03T04:03:19.363-04:00
class vulnerability
contributors
name Sergey Artykhov
organization ALTX-SOFT
definition_extensions
comment Java SE Runtime Environment 7 is installed
oval oval:org.mitre.oval:def:16050
description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
family windows
id oval:org.mitre.oval:def:16605
status accepted
submitted 2013-04-17T10:26:26.748+04:00
title Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
version 4
redhat via4
advisories
  • rhsa
    id RHSA-2012:1386
  • rhsa
    id RHSA-2012:1391
  • rhsa
    id RHSA-2012:1467
rpms
  • java-1.7.0-openjdk-1:1.7.0.9-2.3.3.el6_3.1
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.9-2.3.3.el6_3.1
  • java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.3.el6_3.1
  • java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.3.el6_3.1
  • java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.3.el6_3.1
  • java-1.7.0-openjdk-src-1:1.7.0.9-2.3.3.el6_3.1
  • java-1.7.0-oracle-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-devel-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-javafx-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-jdbc-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-plugin-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-oracle-src-1:1.7.0.9-1jpp.3.el6_3
  • java-1.7.0-ibm-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-demo-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-devel-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-jdbc-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-plugin-1:1.7.0.3.0-1jpp.2.el6_3
  • java-1.7.0-ibm-src-1:1.7.0.3.0-1jpp.2.el6_3
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
secunia
  • 51029
  • 51326
  • 51390
suse SUSE-SU-2012:1398
xf javaruntimeenvironment-lib-cve20125088(79420)
Last major update 19-09-2017 - 01:35
Published 16-10-2012 - 21:55
Last modified 19-09-2017 - 01:35
Back to Top