Vulnerability Name: CVE-2012-0504 (CCN-73190) Assigned: 2012-02-14 Published: 2012-02-14 Updated: 2022-05-13 Summary: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2012-0504 Source: HP Type: UNKNOWNHPSBUX02757 Source: HP Type: UNKNOWNHPSBUX02784 Source: HP Type: UNKNOWNHPSBMU02799 Source: HP Type: UNKNOWNSSRT100867 Source: CCN Type: SA48009Oracle Java SE Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory48589 Source: CCN Type: Oracle Java SE Critical Patch Update Advisory - February 2012Oracle Java SE Critical Patch Update Advisory - February 2012 Source: CONFIRM Type: Vendor Advisoryhttp://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html Source: CCN Type: OSVDB ID: 79231Oracle Java SE Install Component Unspecified Remote Code Execution Source: BID Type: UNKNOWN52020 Source: CCN Type: BID-52020Oracle Java SE CVE-2012-0504 Remote Java Runtime Environment Vulnerability Source: XF Type: UNKNOWNjavase-jre-cve20120504(73190) Source: OVAL Type: UNKNOWNoval:org.mitre.oval:def:14890 Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:jre:*:update2:*:*:*:*:*:* (Version <= 1.7.0)OR cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:* Configuration 2 :cpe:/a:oracle:jdk:*:update2:*:*:*:*:*:* (Version <= 1.7.0)OR cpe:/a:oracle:jdk:1.7.0:*:*:*:*:*:*:* OR cpe:/a:oracle:jdk:1.7.0:update1:*:*:*:*:*:* Configuration 3 :cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_20:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_19:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_17:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.6.0:update29:*:*:*:*:*:* OR cpe:/a:oracle:jre:*:update30:*:*:*:*:*:* (Version <= 1.6.0) OR cpe:/a:sun:jre:1.6.0:update_18:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.6.0:update22:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_21:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.6.0:update26:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.6.0:update27:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.6.0:update23:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.6.0:update24:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.6.0:update25:*:*:*:*:*:* Configuration 4 :cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_19:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_17:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:* OR cpe:/a:oracle:jdk:1.6.0:update29:*:*:*:*:*:* OR cpe:/a:oracle:jdk:1.6.0:update27:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_21:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:* OR cpe:/a:oracle:jdk:1.6.0:update26:*:*:*:*:*:* OR cpe:/a:oracle:jdk:1.6.0:update25:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_18:*:*:*:*:*:* OR cpe:/a:oracle:jdk:*:update30:*:*:*:*:*:* (Version <= 1.6.0) OR cpe:/a:oracle:jdk:1.6.0:update22:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_20:*:*:*:*:*:* OR cpe:/a:oracle:jdk:1.6.0:update24:*:*:*:*:*:* OR cpe:/a:oracle:jdk:1.6.0:update23:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:* OR cpe:/a:oracle:jre:1.7.0:update2:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:19854 V HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2015-04-20 oval:org.mitre.oval:def:14890 V Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism. 2013-01-28
BACK
oracle jre * update2
oracle jre 1.7.0
oracle jre 1.7.0 update1
oracle jdk * update2
oracle jdk 1.7.0
oracle jdk 1.7.0 update1
sun jre 1.6.0 update_3
sun jre 1.6.0 update_5
sun jre 1.6.0 update_13
sun jre 1.6.0 update_1
sun jre 1.6.0 update_2
sun jre 1.6.0 update_16
sun jre 1.6.0 update_20
sun jre 1.6.0 update_15
sun jre 1.6.0 update_6
sun jre 1.6.0 update_19
sun jre 1.6.0
sun jre 1.6.0 update_17
oracle jre 1.6.0 update29
oracle jre * update30
sun jre 1.6.0 update_18
oracle jre 1.6.0 update22
sun jre 1.6.0 update_21
sun jre 1.6.0 update_4
sun jre 1.6.0 update_14
oracle jre 1.6.0 update26
oracle jre 1.6.0 update27
sun jre 1.6.0 update_7
sun jre 1.6.0 update_10
sun jre 1.6.0 update_12
sun jre 1.6.0 update_11
oracle jre 1.6.0 update23
oracle jre 1.6.0 update24
oracle jre 1.6.0 update25
sun jdk 1.6.0 update_4
sun jdk 1.6.0 update_7
sun jdk 1.6.0 update_19
sun jdk 1.6.0 update_13
sun jdk 1.6.0 update_3
sun jdk 1.6.0 update_11
sun jdk 1.6.0 update_10
sun jdk 1.6.0 update_14
sun jdk 1.6.0
sun jdk 1.6.0 update_17
sun jdk 1.6.0 update_5
sun jdk 1.6.0 update_16
sun jdk 1.6.0 update_15
oracle jdk 1.6.0 update29
oracle jdk 1.6.0 update27
sun jdk 1.6.0 update2
sun jdk 1.6.0 update_21
sun jdk 1.6.0 update_12
oracle jdk 1.6.0 update26
oracle jdk 1.6.0 update25
sun jdk 1.6.0 update_6
sun jdk 1.6.0 update_18
oracle jdk * update30
oracle jdk 1.6.0 update22
sun jdk 1.6.0 update1_b06
sun jdk 1.6.0 update1
sun jdk 1.6.0 update_20
oracle jdk 1.6.0 update24
oracle jdk 1.6.0 update23
oracle jre 1.7.0
oracle jre 1.7.0 update1
oracle jre 1.7.0 update2