CVE-2012-5076 in Oracle and Suse Products
Published on October 16, 2012
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Known Exploited Vulnerability
This Oracle Java SE Sandbox Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
The following remediation steps are recommended / required by April 18, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
Products Associated with CVE-2012-5076
You can be notified by stack.watch whenever vulnerabilities like CVE-2012-5076 are published in these products:
What versions are vulnerable to CVE-2012-5076?
- Oracle Java Runtime Environment (JRE) Version 1.7.0 update6
- Oracle Java Runtime Environment (JRE) Version 1.7.0 update3
- Oracle Java Runtime Environment (JRE) Version 1.7.0 update2
- Oracle Java Runtime Environment (JRE) Version 1.7.0 update5
- Oracle Java Runtime Environment (JRE) Version 1.7.0 update4
- Oracle Java Runtime Environment (JRE) Version 1.7.0 update7
- Oracle Java Runtime Environment (JRE) Version 1.7.0 update1
- Oracle Java Runtime Environment (JRE) Version 1.7.0 -
- Suse Linux Enterprise Desktop Version 11 sp2