CVE-2012-0507

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Published: Jun 8, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-0507
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sun / jre	1.5.0-update22	1.5.0-update22.x
sun / jre	1.5.0-update31	1.5.0-update31.x
sun / jre	1.5.0	1.5.0.x
sun / jre	1.5.0-update18	1.5.0-update18.x
sun / jre	1.5.0-update27	1.5.0-update27.x
sun / jre	1.5.0-update2	1.5.0-update2.x
sun / jre	1.5.0-update13	1.5.0-update13.x
sun / jre	1.5.0-update24	1.5.0-update24.x
sun / jre	1.5.0-update12	1.5.0-update12.x
sun / jre	1.5.0-update26	1.5.0-update26.x
sun / jre	1.5.0-update8	1.5.0-update8.x
sun / jre	1.5.0-update16	1.5.0-update16.x
sun / jre	1.5.0-update21	1.5.0-update21.x
sun / jre	1.5.0-update11	1.5.0-update11.x
sun / jre	1.5.0-update15	1.5.0-update15.x
sun / jre	1.5.0-update7	1.5.0-update7.x
sun / jre	1.5.0-update3	1.5.0-update3.x
sun / jre	1.5.0-update20	1.5.0-update20.x
sun / jre	1.5.0-update25	1.5.0-update25.x
sun / jre	1.5.0-update5	1.5.0-update5.x
sun / jre	1.5.0-update14	1.5.0-update14.x
sun / jre	1.5.0-update6	1.5.0-update6.x
sun / jre	1.5.0-update9	1.5.0-update9.x
sun / jre	1.5.0-update1	1.5.0-update1.x
sun / jre	1.5.0-update19	1.5.0-update19.x
sun / jre	1.5.0-update10	1.5.0-update10.x
sun / jre	1.5.0-update28	1.5.0-update28.x
sun / jre	1.5.0-update4	1.5.0-update4.x
sun / jre	1.5.0-update23	1.5.0-update23.x
sun / jre	1.5.0-update29	1.5.0-update29.x
sun / jre	1.5.0-update17	1.5.0-update17.x
sun / jre	1.6.0-update_3	1.6.0-update_3.x
sun / jre	1.6.0-update_5	1.6.0-update_5.x
sun / jre	1.6.0-update_13	1.6.0-update_13.x
sun / jre	1.6.0-update_1	1.6.0-update_1.x
sun / jre	1.6.0-update_2	1.6.0-update_2.x
sun / jre	1.6.0-update_16	1.6.0-update_16.x
sun / jre	1.6.0-update_20	1.6.0-update_20.x
sun / jre	1.6.0-update_15	1.6.0-update_15.x
sun / jre	1.6.0-update_6	1.6.0-update_6.x
sun / jre	1.6.0-update_19	1.6.0-update_19.x
sun / jre	1.6.0	1.6.0.x
sun / jre	1.6.0-update_18	1.6.0-update_18.x
sun / jre	1.6.0-update_10	1.6.0-update_10.x
sun / jre	1.6.0-update_17	1.6.0-update_17.x
sun / jre	1.6.0-update_21	1.6.0-update_21.x
sun / jre	1.6.0-update_7	1.6.0-update_7.x
sun / jre	1.6.0-update_14	1.6.0-update_14.x
sun / jre	1.6.0-update_4	1.6.0-update_4.x
sun / jre	1.6.0-update_12	1.6.0-update_12.x
sun / jre	1.6.0-update_11	1.6.0-update_11.x
oracle / jre	1.6.0-update25	1.6.0-update25.x
oracle / jre	1.6.0-update24	1.6.0-update24.x
oracle / jre	1.6.0-update26	1.6.0-update26.x
oracle / jre	1.6.0-update27	1.6.0-update27.x
oracle / jre	1.6.0-update22	1.6.0-update22.x
oracle / jre	1.6.0-update23	1.6.0-update23.x
oracle / jre	1.6.0-update29	1.6.0-update29.x
oracle / jre	1.7.0	1.7.0.x
oracle / jre	1.7.0-update1	1.7.0-update1.x
sun / jre	1.5.0-update33	1.5.0-update33.x
oracle / jre	1.6.0-update30	1.6.0-update30.x
oracle / jre	1.7.0-update2	1.7.0-update2.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	6.0	6.0.x
suse / linux_enterprise_server	11-sp1	11-sp1.x
suse / linux_enterprise_software_development_kit	11-sp2	11-sp2.x
suse / linux_enterprise_server	11-sp2	11-sp2.x
suse / linux_enterprise_desktop	10-sp4	10-sp4.x
suse / linux_enterprise_server	10-sp4	10-sp4.x
suse / linux_enterprise_software_development_kit	11-sp1	11-sp1.x
suse / linux_enterprise_java	10-sp4	10-sp4.x
suse / linux_enterprise_java	11-sp1	11-sp1.x

Vulnerability Database

289,697

CVE-2012-0507