CVE-2012-0507

CRITICAL | CVSS 3.1: 9.8 | EPSS 93.6% | ACTIVE EXPLOIT
Updated Oct 22, 2025
Debian

CISA Known Exploited Vulnerability (KEV)

This vulnerability is actively exploited in the wild. Immediate patching is strongly recommended.

Due Date: Mar 24, 2022

Parameter | Value
CVSS | 9.8 (CRITICAL)
Type | CWE-843 (Type Confusion)
Vendor | Debian
Public PoC | Yes

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions.

NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Attack Parameters

Attack Vector: Network (Can be exploited remotely)
Attack Complexity: Low (Easy to exploit)
Privileges Required: None (No privileges needed)
User Interaction: None (No user interaction needed)

Impact Assessment

Confidentiality: High (Complete data leak)
Integrity: High (Complete data modification)
Availability: High (Complete denial of service)

Vulnerable Products 74

Configuration From (including) Up to (excluding)
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
Sun Jre
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
Oracle Jre
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
Debian Debian_Linux
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Debian Debian_Linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Suse Linux_Enterprise_Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
Suse Linux_Enterprise_Java
cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*
Suse Linux_Enterprise_Java
cpe:2.3:o:suse:linux_enterprise_java:11:sp1:*:*:*:*:*:*
Suse Linux_Enterprise_Server
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
Suse Linux_Enterprise_Server
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
Suse Linux_Enterprise_Server
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
Suse Linux_Enterprise_Server
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
Suse Linux_Enterprise_Software_Development_Kit
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
Suse Linux_Enterprise_Software_Development_Kit
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

References 23

http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-s…
secalert_us@oracle.com
http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/
secalert_us@oracle.com
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
secalert_us@oracle.com
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
secalert_us@oracle.com
http://marc.info/?l=bugtraq&m=133364885411663&w=2
secalert_us@oracle.com
http://marc.info/?l=bugtraq&m=133365109612558&w=2
secalert_us@oracle.com
http://marc.info/?l=bugtraq&m=133847939902305&w=2
secalert_us@oracle.com
http://marc.info/?l=bugtraq&m=134254866602253&w=2
secalert_us@oracle.com
http://marc.info/?l=bugtraq&m=134254957702612&w=2
secalert_us@oracle.com
http://rhn.redhat.com/errata/RHSA-2012-0508.html
secalert_us@oracle.com
http://rhn.redhat.com/errata/RHSA-2012-0514.html
secalert_us@oracle.com
http://rhn.redhat.com/errata/RHSA-2013-1455.html
secalert_us@oracle.com
http://secunia.com/advisories/48589
secalert_us@oracle.com
http://secunia.com/advisories/48692
secalert_us@oracle.com
http://secunia.com/advisories/48915
secalert_us@oracle.com
http://secunia.com/advisories/48948
secalert_us@oracle.com
http://secunia.com/advisories/48950
secalert_us@oracle.com
http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3
secalert_us@oracle.com
http://www.debian.org/security/2012/dsa-2420
secalert_us@oracle.com
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
secalert_us@oracle.com
http://www.securityfocus.com/bid/52161
secalert_us@oracle.com
https://bugzilla.redhat.com/show_bug.cgi?id=788994
secalert_us@oracle.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012…
134c704f-9b21-4f2e-91b3-4a467353bcc0