Vulnerability Name:

CVE-2012-0504 (CCN-73190)

Assigned:2012-02-14
Published:2012-02-14
Updated:2022-05-13
Summary:Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-0504

Source: HP
Type: UNKNOWN
HPSBUX02757

Source: HP
Type: UNKNOWN
HPSBUX02784

Source: HP
Type: UNKNOWN
HPSBMU02799

Source: HP
Type: UNKNOWN
SSRT100867

Source: CCN
Type: SA48009
Oracle Java SE Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
48589

Source: CCN
Type: Oracle Java SE Critical Patch Update Advisory - February 2012
Oracle Java SE Critical Patch Update Advisory - February 2012

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

Source: CCN
Type: OSVDB ID: 79231
Oracle Java SE Install Component Unspecified Remote Code Execution

Source: BID
Type: UNKNOWN
52020

Source: CCN
Type: BID-52020
Oracle Java SE CVE-2012-0504 Remote Java Runtime Environment Vulnerability

Source: XF
Type: UNKNOWN
javase-jre-cve20120504(73190)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14890

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:jre:*:update2:*:*:*:*:*:* (Version <= 1.7.0)
  • OR cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:oracle:jdk:*:update2:*:*:*:*:*:* (Version <= 1.7.0)
  • OR cpe:/a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:*:update30:*:*:*:*:*:* (Version <= 1.6.0)
  • OR cpe:/a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update25:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:*:update30:*:*:*:*:*:* (Version <= 1.6.0)
  • OR cpe:/a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:19854
    V
    		HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    2015-04-20
    oval:org.mitre.oval:def:14890
    V
    		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.
    2013-01-28
    BACK
    oracle jre * update2
    oracle jre 1.7.0
    oracle jre 1.7.0 update1
    oracle jdk * update2
    oracle jdk 1.7.0
    oracle jdk 1.7.0 update1
    sun jre 1.6.0 update_3
    sun jre 1.6.0 update_5
    sun jre 1.6.0 update_13
    sun jre 1.6.0 update_1
    sun jre 1.6.0 update_2
    sun jre 1.6.0 update_16
    sun jre 1.6.0 update_20
    sun jre 1.6.0 update_15
    sun jre 1.6.0 update_6
    sun jre 1.6.0 update_19
    sun jre 1.6.0
    sun jre 1.6.0 update_17
    oracle jre 1.6.0 update29
    oracle jre * update30
    sun jre 1.6.0 update_18
    oracle jre 1.6.0 update22
    sun jre 1.6.0 update_21
    sun jre 1.6.0 update_4
    sun jre 1.6.0 update_14
    oracle jre 1.6.0 update26
    oracle jre 1.6.0 update27
    sun jre 1.6.0 update_7
    sun jre 1.6.0 update_10
    sun jre 1.6.0 update_12
    sun jre 1.6.0 update_11
    oracle jre 1.6.0 update23
    oracle jre 1.6.0 update24
    oracle jre 1.6.0 update25
    sun jdk 1.6.0 update_4
    sun jdk 1.6.0 update_7
    sun jdk 1.6.0 update_19
    sun jdk 1.6.0 update_13
    sun jdk 1.6.0 update_3
    sun jdk 1.6.0 update_11
    sun jdk 1.6.0 update_10
    sun jdk 1.6.0 update_14
    sun jdk 1.6.0
    sun jdk 1.6.0 update_17
    sun jdk 1.6.0 update_5
    sun jdk 1.6.0 update_16
    sun jdk 1.6.0 update_15
    oracle jdk 1.6.0 update29
    oracle jdk 1.6.0 update27
    sun jdk 1.6.0 update2
    sun jdk 1.6.0 update_21
    sun jdk 1.6.0 update_12
    oracle jdk 1.6.0 update26
    oracle jdk 1.6.0 update25
    sun jdk 1.6.0 update_6
    sun jdk 1.6.0 update_18
    oracle jdk * update30
    oracle jdk 1.6.0 update22
    sun jdk 1.6.0 update1_b06
    sun jdk 1.6.0 update1
    sun jdk 1.6.0 update_20
    oracle jdk 1.6.0 update24
    oracle jdk 1.6.0 update23
    oracle jre 1.7.0
    oracle jre 1.7.0 update1
    oracle jre 1.7.0 update2