Back to KEVs

CVE-2012-5076

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to...

Basic Information

CVE State
PUBLISHED
Reserved Date
September 22, 2012
Published Date
October 16, 2012
Last Updated
February 10, 2025
Vendor
Oracle
Product
Java SE
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Tags
cisa metasploit_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2022-03-28 00:00:00 UTC) Source

References

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://security.gentoo.org/glsa/glsa-201406-32.xml http://rhn.redhat.com/errata/RHSA-2012-1386.html http://rhn.redhat.com/errata/RHSA-2012-1391.html http://secunia.com/advisories/51029 http://secunia.com/advisories/51390 http://rhn.redhat.com/errata/RHSA-2012-1467.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641 http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://secunia.com/advisories/51326

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-03-28 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_jre17_jaxws.rb 2025-04-29 11:01:19 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

java_jre17_glassfish_averagerangestatisticimpl

Type: metasploit • Created: Unknown

Metasploit module for CVE-2012-5076

java_jre17_jaxws

Type: metasploit • Created: Unknown

Metasploit module for CVE-2012-5076

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit