CVE-2012-5087

HIGH

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.

References

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html

http://marc.info/?l=bugtraq&m=135542848327757&w=2

http://marc.info/?l=bugtraq&m=135758563611658&w=2

http://rhn.redhat.com/errata/RHSA-2012-1386.html

http://rhn.redhat.com/errata/RHSA-2012-1391.html

http://rhn.redhat.com/errata/RHSA-2012-1467.html

http://secunia.com/advisories/51029

http://secunia.com/advisories/51326

http://secunia.com/advisories/51390

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

http://www.securityfocus.com/bid/56043

https://exchange.xforce.ibmcloud.com/vulnerabilities/79415

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16560

Details

Source: MITRE

Published: 2012-10-16

Updated: 2017-09-19

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:*:update7:*:*:*:*:*:* versions up to 1.7.0 (inclusive)

cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:*:update7:*:*:*:*:*:* versions up to 1.7.0 (inclusive)

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
89663VMware ESX / ESXi NFC and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0003) (remote check)NessusMisc.
critical
83567SUSE SLES11 Security Update : IBM Java 1.7.0 (SUSE-SU-2012:1489-2)NessusSuSE Local Security Checks
critical
76303GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)NessusGentoo Local Security Checks
critical
74793openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1419-1) (ROBOT)NessusSuSE Local Security Checks
critical
72139GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)NessusGentoo Local Security Checks
critical
68646Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2012-1386) (ROBOT)NessusOracle Linux Local Security Checks
critical
64849Oracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)NessusMisc.
critical
64171SuSE 11.2 Security Update : IBM Java 1.7.0 (SAT Patch Number 7046)NessusSuSE Local Security Checks
critical
64169SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)NessusSuSE Local Security Checks
critical
62932RHEL 6 : java-1.7.0-ibm (RHSA-2012:1467) (ROBOT)NessusRed Hat Local Security Checks
critical
62709Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1619-1) (ROBOT)NessusUbuntu Local Security Checks
critical
62653Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)NessusScientific Linux Local Security Checks
critical
62635RHEL 6 : java-1.7.0-oracle (RHSA-2012:1391)NessusRed Hat Local Security Checks
critical
62615RHEL 6 : java-1.7.0-openjdk (RHSA-2012:1386) (ROBOT)NessusRed Hat Local Security Checks
critical
62598CentOS 6 : java-1.7.0-openjdk (CESA-2012:1386) (ROBOT)NessusCentOS Local Security Checks
critical
62593Oracle Java SE Multiple Vulnerabilities (October 2012 CPU)NessusWindows
critical