Vulnerability Name:

CVE-2012-5067 (CCN-79429)

Assigned: 2012-10-16
Published: 2012-10-16
Updated: 2017-09-19
Summary: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

"Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2012-5067

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:1398

Source: CCN
Type: RHSA-2012-1391
Critical: java-1.7.0-oracle security update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:1391

Source: CCN
Type: RHSA-2012-1467
Critical: java-1.7.0-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:1467

Source: CCN
Type: SA50949
Oracle Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
51326

Source: SECUNIA
Type: UNKNOWN
51390

Source: CCN
Type: IBM Security Bulletin 1616490
IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE executed under a security manager

Source: CCN
Type: IBM Security Bulletin 1619418
Vulnerabilities in Rational Functional Tester versions 8.x due to security vulnerabilities in IBM JRE 7.0 Service Release 2 or earlier, and non-IBM Java 7.0

Source: CCN
Type: IBM Security Bulletin 1635864
IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0

Source: CCN
Type: Oracle Web site
Oracle Java SE Critical Patch Update Advisory - October 2012

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Source: BID
Type: UNKNOWN
56070

Source: CCN
Type: BID-56070
Oracle Java SE CVE-2012-5067 Remote Java Runtime Environment Vulnerability

Source: XF
Type: UNKNOWN
javaruntimeenvironment-deployment-info-disc(79429)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:16055

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:*:update7:*:*:*:*:*:* (Version <= 1.7.0)
  • OR cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:*:update7:*:*:*:*:*:* (Version <= 1.7.0)

  • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.9.10:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:42330 | P | Security update for mokutil (Moderate) | 2022-08-03
    oval:org.opensuse.security:def:20125067 | V | CVE-2012-5067 | 2022-05-20
    oval:org.opensuse.security:def:31700 | P | Security update for binutils (Moderate) | 2021-11-09
    oval:org.opensuse.security:def:32210 | P | Security update for opensc (Important) | 2021-10-29
    oval:org.opensuse.security:def:26152 | P | Security update for postgresql10 (Important) | 2021-10-20
    oval:org.opensuse.security:def:32166 | P | Security update for python-PyYAML (Important) | 2021-08-24
    oval:org.opensuse.security:def:26103 | P | Security update for the Linux Kernel (Important) | 2021-08-10
    oval:org.opensuse.security:def:32144 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-07-21
    oval:org.opensuse.security:def:32105 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-06-04
    oval:org.opensuse.security:def:26050 | P | Security update for python3 (Important) | 2021-05-17
    oval:org.opensuse.security:def:31608 | P | Security update for xen (Important) | 2021-04-19
    oval:org.opensuse.security:def:26205 | P | Security update for openssl-1_0_0 (Moderate) | 2021-03-08
    oval:org.opensuse.security:def:26191 | P | Security update for jasper (Important) | 2021-02-16
    oval:org.opensuse.security:def:35923 | P | java-1_7_0-ibm-1.7.0_sr4.1-0.5.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:32000 | P | Security update for python-setuptools (Important) | 2020-12-02
    oval:org.opensuse.security:def:25485 | P | Security update for cups (Important) | 2020-12-01
    oval:org.opensuse.security:def:32848 | P | dhcp on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31844 | P | Security update for clamav (Important) | 2020-12-01
    oval:org.opensuse.security:def:25677 | P | Security update for raptor (Important) | 2020-12-01
    oval:org.opensuse.security:def:31390 | P | Security update for pam | 2020-12-01
    oval:org.opensuse.security:def:26249 | P | Security update for libtomcrypt (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32056 | P | Security update for kvm (Important) | 2020-12-01
    oval:org.opensuse.security:def:25815 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:31402 | P | Security update for perl-DBD-mysql (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26922 | P | java-1_7_0-ibm on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25474 | P | Security update for xen (Important) | 2020-12-01
    oval:org.opensuse.security:def:31757 | P | Security update for LibVNCServer (Important) | 2020-12-01
    oval:org.opensuse.security:def:25549 | P | Security update for tigervnc (Important) | 2020-12-01
    oval:org.opensuse.security:def:32887 | P | java-1_7_0-ibm on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25758 | P | Security update for flash-player (Important) | 2020-12-01
    oval:org.opensuse.security:def:31391 | P | Security update for pam (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26887 | P | ed on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25899 | P | Security update for gd (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31476 | P | Security update for puppet | 2020-12-01
    oval:org.opensuse.security:def:25473 | P | Security update for strongswan (Important) | 2020-12-01
    oval:org.mitre.oval:def:18120 | P | USN-1619-1 -- openjdk-6, openjdk-7 vulnerabilities | 2014-06-30
    oval:org.mitre.oval:def:23740 | P | ELSA-2012:1391: java-1.7.0-oracle security update (Critical) | 2014-05-26
    oval:org.mitre.oval:def:23893 | P | ELSA-2012:1467: java-1.7.0-ibm security update (Critical) | 2014-05-26
    oval:org.mitre.oval:def:21002 | P | RHSA-2012:1467: java-1.7.0-ibm security update (Critical) | 2014-02-24
    oval:org.mitre.oval:def:21199 | P | RHSA-2012:1391: java-1.7.0-oracle security update (Critical) | 2014-02-24
    oval:org.mitre.oval:def:16055 | V | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | 2013-06-03
    oval:com.redhat.rhsa:def:20121467 | P | RHSA-2012:1467: java-1.7.0-ibm security update (Critical) | 2012-11-15
    oval:com.redhat.rhsa:def:20121391 | P | RHSA-2012:1391: java-1.7.0-oracle security update (Critical) | 2012-10-18
    oval:com.ubuntu.precise:def:20125067000 | V | CVE-2012-5067 on Ubuntu 12.04 LTS (precise) - medium. | 2012-10-16