
CVE-2012-0507

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Details Source

Mitre

Public Date

2012-02-14 00:00:00

Impact

Critical

Bugzilla

CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)

Bugzilla ID

788994

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

External References

http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

IAVA

2012-A-0147, 2012-A-0148

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-sun) | RHSA-2012:0139 | 2012-02-16 |
| Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2013:1455 | 2013-10-23 |
| Red Hat Satellite 5.4 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2013:1455 | 2013-10-23 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) | RHSA-2012:0508 | 2012-04-23 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-sun) | RHSA-2012:0139 | 2012-02-16 |
| Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) | RHSA-2012:0135 | 2012-02-14 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2012:0514 | 2012-04-24 |
| Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2012:0322 | 2012-02-21 |
| Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-sun) | RHSA-2012:0139 | 2012-02-16 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2012:0514 | 2012-04-24 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) | RHSA-2012:0508 | 2012-04-23 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux Supplementary version 6 | java-1.6.0-openjdk | Affected |