CyberSec.Space Logo
CVEブラウザに戻る

CVE-2012-0507

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score79.7420%
EPSS Percentile89.59th
Published2012年6月7日
Last Modified2026年4月22日

Vulnerability Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Affected Platforms (CPE)

📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Sun

Jre

= 1.5.0
📦
Oracle

Jre

= 1.6.0
📦
Oracle

Jre

= 1.6.0
📦
Oracle

Jre

= 1.6.0
📦
Oracle

Jre

= 1.6.0
📦
Oracle

Jre

= 1.6.0
📦
Oracle

Jre

= 1.6.0
📦
Oracle

Jre

= 1.6.0
📦
Oracle

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Sun

Jre

= 1.6.0
📦
Oracle

Jre

= 1.7.0
📦
Oracle

Jre

= 1.7.0
📦
Oracle

Jre

= 1.7.0
💻
Debian

Debian Linux

= 6.0
💻
Debian

Debian Linux

= 7.0
💻
Suse

Linux Enterprise Desktop

= 10
💻
Suse

Linux Enterprise Java

= 10
💻
Suse

Linux Enterprise Java

= 11
💻
Suse

Linux Enterprise Server

= 10
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Software Development Kit

= 11
💻
Suse

Linux Enterprise Software Development Kit

= 11

References & Advisories

🔗 http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx
🔗 http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/
🔗 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
🔗 http://marc.info/?l=bugtraq&m=133364885411663&w=2
🔗 http://marc.info/?l=bugtraq&m=133365109612558&w=2
🔗 http://marc.info/?l=bugtraq&m=133847939902305&w=2
🔗 http://marc.info/?l=bugtraq&m=134254866602253&w=2

関連する脆弱性情報

CVE-2012-508610.0

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 3...

CVE-2013-243110.0

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6...

CVE-2004-276410.0

Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untru...

CVE-2013-243210.0

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 a...