Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 3, 2022.

The EPSS score is 0.93568.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Oracle
  • Jre
Redhat
  • Enterprise Linux
  • Network Satellite
  • Rhel Extras
Sun
  • Jre
Suse
  • Linux Enterprise Desktop
  • Linux Enterprise Java
  • Linux Enterprise Server
  • Linux Enterprise Software Development Kit

Configuration 1 [-]

OR cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_java:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Package CPE Advisory Released Date
Extras for RHEL 4
java-1.6.0-sun-1:1.6.0.31-1jpp.1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2012:0139 2012-02-16T00:00:00Z
Red Hat Enterprise Linux 5
java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:0322 2012-02-21T00:00:00Z
Red Hat Enterprise Linux 6
java-1.6.0-openjdk-1:1.6.0.0-1.43.1.10.6.el6_2 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:0135 2012-02-14T00:00:00Z
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9 cpe:/a:redhat:network_satellite:5.4::el5 RHSA-2013:1455 2013-10-23T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.31-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0139 2012-02-16T00:00:00Z
java-1.5.0-ibm-1:1.5.0.13.1-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0508 2012-04-23T00:00:00Z
java-1.6.0-ibm-1:1.6.0.10.1-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0514 2012-04-24T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.6.0-sun-1:1.6.0.31-1jpp.1.el6_2 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0139 2012-02-16T00:00:00Z
java-1.5.0-ibm-1:1.5.0.13.1-1jpp.2.el6_2 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0508 2012-04-23T00:00:00Z
java-1.6.0-ibm-1:1.6.0.10.1-1jpp.5.el6_2 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0514 2012-04-24T00:00:00Z

No data.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-2420-1 openjdk-6 security update
Ubuntu USN Ubuntu USN USN-1373-1 OpenJDK 6 vulnerabilities
Ubuntu USN Ubuntu USN USN-1373-2 OpenJDK 6 (ARM) vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx cve-icon cve-icon
http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/ cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133364885411663&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133365109612558&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133847939902305&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254866602253&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254957702612&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0508.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0514.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1455.html cve-icon cve-icon
http://secunia.com/advisories/48589 cve-icon cve-icon
http://secunia.com/advisories/48692 cve-icon cve-icon
http://secunia.com/advisories/48915 cve-icon cve-icon
http://secunia.com/advisories/48948 cve-icon cve-icon
http://secunia.com/advisories/48950 cve-icon cve-icon
http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2420 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html cve-icon cve-icon cve-icon
http://www.securityfocus.com/bid/52161 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=788994 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-0507 cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0507 cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-0507 cve-icon
History

Wed, 22 Oct 2025 01:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Mon, 10 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-843
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

kev

{'dateAdded': '2022-03-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 13 Aug 2024 23:30:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2025-10-22T00:05:47.423Z

Reserved: 2012-01-11T00:00:00.000Z

Link: CVE-2012-0507

cve-icon Vulnrichment

Updated: 2024-08-06T18:23:31.104Z

cve-icon NVD

Status : Deferred

Published: 2012-06-07T22:55:17.883

Modified: 2025-10-22T01:15:42.420

Link: CVE-2012-0507

cve-icon Redhat

Severity : Critical

Publid Date: 2012-02-14T00:00:00Z

Links: CVE-2012-0507 - Bugzilla

cve-icon OpenCVE Enrichment

No data.