CVE-ID |
CVE-2012-0507
|
Description |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and
earlier, and 5.0 Update 33 and earlier allows remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to Concurrency. NOTE: the previous information was
obtained from the February 2012 Oracle CPU. Oracle has not commented
on claims from a downstream vendor and third party researchers that
this issue occurs because the AtomicReferenceArray class
implementation does not ensure that the array is of the Object[] type,
which allows attackers to cause a denial of service (JVM crash) or
bypass Java sandbox restrictions. NOTE: this issue was originally
mapped to CVE-2011-3571, but that identifier was already assigned to a
different issue.
|
References |
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
|
- MISC:blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx
- MISC:krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/
- MISC:weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3
- CONFIRM:www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
- CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=788994
- BID:52161
- URL:www.securityfocus.com/bid/52161
- SECUNIA:48589
- URL:secunia.com/advisories/48589
- SECUNIA:48692
- URL:secunia.com/advisories/48692
- SECUNIA:48915
- URL:secunia.com/advisories/48915
- SECUNIA:48948
- URL:secunia.com/advisories/48948
- SECUNIA:48950
- URL:secunia.com/advisories/48950
|
Date Entry Created |
20120111 |
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
|
Phase (Legacy) |
Assigned (20120111) |
Votes (Legacy) |
|
Comments (Legacy) |
|
Proposed (Legacy) |
N/A |
This is an entry on the CVE
list, which standardizes names for security
problems. |