{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "SUSE-SU-2012:1398", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "RHSA-2012:1386", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"}, {"name": "RHSA-2012:1391", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"}, {"name": "51029", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51029"}, {"name": "javaruntimeenvironment-jmx-info-disc(79430)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79430"}, {"name": "51390", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51390"}, {"name": "RHSA-2012:1467", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"}, {"name": "oval:org.mitre.oval:def:16093", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16093"}, {"name": "56079", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56079"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"}, {"name": "51326", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51326"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2012-5070", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2012:1398", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"}, {"name": "GLSA-201406-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "RHSA-2012:1386", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"}, {"name": "RHSA-2012:1391", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"}, {"name": "51029", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51029"}, {"name": "javaruntimeenvironment-jmx-info-disc(79430)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79430"}, {"name": "51390", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51390"}, {"name": "RHSA-2012:1467", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"}, {"name": "oval:org.mitre.oval:def:16093", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16093"}, {"name": "56079", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56079"}, {"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"}, {"name": "51326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51326"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:58:01.471Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2012:1398", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "RHSA-2012:1386", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"}, {"name": "RHSA-2012:1391", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"}, {"name": "51029", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51029"}, {"name": "javaruntimeenvironment-jmx-info-disc(79430)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79430"}, {"name": "51390", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51390"}, {"name": "RHSA-2012:1467", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"}, {"name": "oval:org.mitre.oval:def:16093", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16093"}, {"name": "56079", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56079"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"}, {"name": "51326", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51326"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2012-5070", "datePublished": "2012-10-16T21:29:00", "dateReserved": "2012-09-22T00:00:00", "dateUpdated": "2024-08-06T20:58:01.471Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:*:update7:*:*:*:*:*:*", "matchCriteriaId": "ADD9674C-3207-4D8D-A9C3-2EA53E33532B", "versionEndIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:*:update7:*:*:*:*:*:*", "matchCriteriaId": "9DC59C00-DFD8-404D-82C6-751C470D7B66", "versionEndIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 permite a atacantes remotos afectar la confidencialidad a trav\u00e9s de vectores desconocidos relacionados con JMX.\r\n"}], "evaluatorImpact": "Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html\r\n\r\n\"Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)\"", "id": "CVE-2012-5070", "lastModified": "2017-09-19T01:35:24.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-16T21:55:01.760", "references": [{"source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"}, {"source": "secalert_us@oracle.com", "url": "http://secunia.com/advisories/51029"}, {"source": "secalert_us@oracle.com", "url": "http://secunia.com/advisories/51326"}, {"source": "secalert_us@oracle.com", "url": "http://secunia.com/advisories/51390"}, {"source": "secalert_us@oracle.com", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/56079"}, {"source": "secalert_us@oracle.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79430"}, {"source": "secalert_us@oracle.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16093"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:1386", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.7.0-openjdk-1:1.7.0.9-2.3.3.el6_3.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-10-17T00:00:00Z"}, {"advisory": "RHSA-2012:1391", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.0-oracle-1:1.7.0.9-1jpp.3.el6_3", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2012-10-18T00:00:00Z"}, {"advisory": "RHSA-2012:1467", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.0-ibm-1:1.7.0.3.0-1jpp.2.el6_3", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2012-11-15T00:00:00Z"}], "bugzilla": {"description": "OpenJDK: EnvHelp information disclosure (JMX, 7158796)", "id": "865350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865350"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX."], "name": "CVE-2012-5070", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "java-1.7.0-ibm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "java-1.7.0-oracle", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-10-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5070\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5070\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"], "threat_severity": "Moderate", "upstream_fix": "icedtea7 2.1.3, icedtea7 2.2.3, icedtea7 2.3.3"}