Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Oracle
  • Jre
Redhat
  • Enterprise Linux
  • Network Satellite
  • Rhel Extras
Sun
  • Jre
Suse
  • Linux Enterprise Desktop
  • Linux Enterprise Java
  • Linux Enterprise Server
  • Linux Enterprise Software Development Kit

Configuration 1 [-]

OR cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_java:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Package CPE Advisory Released Date
Extras for RHEL 4
java-1.6.0-sun-1:1.6.0.31-1jpp.1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2012:0139 2012-02-16T00:00:00Z
Red Hat Enterprise Linux 5
java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:0322 2012-02-21T00:00:00Z
Red Hat Enterprise Linux 6
java-1.6.0-openjdk-1:1.6.0.0-1.43.1.10.6.el6_2 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:0135 2012-02-14T00:00:00Z
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4 cpe:/a:redhat:network_satellite:5.4::el5 RHSA-2013:1455 2013-10-23T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.31-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0139 2012-02-16T00:00:00Z
java-1.5.0-ibm-1:1.5.0.13.1-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0508 2012-04-23T00:00:00Z
java-1.6.0-ibm-1:1.6.0.10.1-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0514 2012-04-24T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.6.0-sun-1:1.6.0.31-1jpp.1.el6_2 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0139 2012-02-16T00:00:00Z
java-1.5.0-ibm-1:1.5.0.13.1-1jpp.2.el6_2 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0508 2012-04-23T00:00:00Z
java-1.6.0-ibm-1:1.6.0.10.1-1jpp.5.el6_2 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0514 2012-04-24T00:00:00Z
References
Link Providers
http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx cve-icon cve-icon
http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/ cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133364885411663&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133365109612558&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133847939902305&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254866602253&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254957702612&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0508.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0514.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1455.html cve-icon cve-icon
http://secunia.com/advisories/48589 cve-icon cve-icon
http://secunia.com/advisories/48692 cve-icon cve-icon
http://secunia.com/advisories/48915 cve-icon cve-icon
http://secunia.com/advisories/48948 cve-icon cve-icon
http://secunia.com/advisories/48950 cve-icon cve-icon
http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2420 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html cve-icon cve-icon cve-icon
http://www.securityfocus.com/bid/52161 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=788994 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-0507 cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-0507 cve-icon
History

Tue, 13 Aug 2024 23:30:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2012-06-07T22:00:00

Updated: 2024-08-06T18:23:31.104Z

Reserved: 2012-01-11T00:00:00

Link: CVE-2012-0507

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2012-06-07T22:55:17.883

Modified: 2024-04-26T16:07:55.723

Link: CVE-2012-0507

cve-icon Redhat

Severity : Critical

Publid Date: 2012-02-14T00:00:00Z

Links: CVE-2012-0507 - Bugzilla