Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2012-5076

Published: 16/10/2012 Updated: 19/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Oracle

Vulnerability Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and previous versions allows remote malicious users to affect confidentiality, integrity, and availability, related to JAX-WS.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle jre 1.7.0

oracle jdk

oracle jdk 1.7.0

oracle jre

Vendor Advisories

Ubuntu Security Notice: openjdk-6, openjdk-7 vulnerabilities
Several security issues were fixed in OpenJDK ...
Red Hat: Critical: java-1.7.0-ibm security update
Synopsis Critical: java-170-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-170-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 6 SupplementaryThe Red Hat Security Response Team has rated this update as having criticalsecurity ...
Red Hat: Critical: java-1.7.0-oracle security update
Synopsis Critical: java-170-oracle security update Type/Severity Security Advisory: Critical Topic Updated java-170-oracle packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 6 SupplementaryThe Red Hat Security Response Team has rated this update as having criticalse ...
Red Hat: Important: java-1.7.0-openjdk security update
Synopsis Important: java-170-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-170-openjdk packages that fix several security issues arenow available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as havingimportant security im ...

Exploits

Exploit DB: Java Applet AverageRangeStatisticImpl Remote Code Execution
This Metasploit module abuses the AverageRangeStatisticImpl from a Java Applet to run arbitrary Java code outside of the sandbox, a different exploit vector than the one exploited in the wild in November of 2012 The vulnerability affects Java version 7u7 and earlier ...
Exploit DB: Java Applet - AverageRangeStatisticImpl Remote Code Execution (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking includ ...
Exploit DB: Java Applet - JAX-WS Remote Code Execution (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking includ ...

Recent Articles

Java under attack – the evolution of exploits in 2012-2013
Securelist • Kaspersky Lab • 30 Oct 2013

One of the biggest problems facing the IT security industry is the use of vulnerabilities in legitimate software to launch malware attacks. Malicious programs can use these vulnerabilities to infect a computer without attracting the attention of the user – and, in some cases, without triggering an alert from security software. That’s why cyber criminals prefer these attacks, known as exploits, over other infection methods. Unlike social engineering, which can be hit or miss, the use of vulne...

Read more...
Not Cool, man: Potent new hacking toolkit costs crooks $10k a month
The Register • John Leyden • 10 Jan 2013

Blackhole gang snap up latest 0-days to build a better mousetrap

The brains behind the Blackhole Exploit Kit is using profits from the hacking toolbox to buy up security exploits and create a far more formidable product. The ubiquitous Blackhole kit is usually installed on compromised websites and uses vulnerabilities in web browsers and other software to inject malware into visitors' PCs. It is widely available through underground forums, and is affordable and reliable. Access to the technology is rented out for about $700 a quarter or $1,500 for a year, oft...

Read more...

References

NVD-CWE-noinfohttp://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1391.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1386.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1467.htmlhttp://secunia.com/advisories/51029http://secunia.com/advisories/51326http://secunia.com/advisories/51390http://security.gentoo.org/glsa/glsa-201406-32.xmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641https://nvd.nist.govhttps://usn.ubuntu.com/1619-1/https://www.exploit-db.com/exploits/24309/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook