Vulnerability CVE-2012-5078

Vulnerability Name:

CVE-2012-5078 (CCN-79421)

Assigned:

2012-10-16

Published:

2012-10-16

Updated:

2017-09-19

Summary:

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080.
Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

"Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-5078

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:1398

Source: CCN
Type: SA50949
Oracle Java Multiple Vulnerabilities

Source: CCN
Type: Oracle Web site
Oracle Java SE Critical Patch Update Advisory - October 2012

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Source: BID
Type: UNKNOWN
56066

Source: CCN
Type: BID-56066
Oracle JavaFX CVE-2012-5078 Remote Security Vulnerability

Source: XF
Type: UNKNOWN
javaruntimeenvironment-uns-cve20125078(79421)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:16308

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:javafx:1.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:*:*:*:*:*:*:*:* (Version <= 2.2)

Configuration CCN 1:

cpe:/a:oracle:javafx:2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:1.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20125078	V	CVE-2012-5078	2021-06-25
oval:org.mitre.oval:def:16308	V	Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.	2013-06-03

BACK