CVE-2012-5076
CVE-2012-5076
In short
A flaw in Java SE 7 Update 7's JAX-WS component allows remote attackers to compromise your computer without authentication, risking theft of data, unauthorized changes, or system crashes.
Technical detail
An unspecified vulnerability in the JAX-WS component of Oracle Java SE 7 Update 7 and earlier permits remote code execution or privilege escalation through crafted network requests, affecting confidentiality, integrity, and availability without requiring local access or user interaction.
Summary generated and translated by AI from the official description.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/24309unverifiedexploitdbwww.exploit-db.com/exploits/22657unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1386.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1391.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1467.htmlhttp://secunia.com/advisories/51029http://secunia.com/advisories/51326http://secunia.com/advisories/51390http://security.gentoo.org/glsa/glsa-201406-32.xmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5076http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html