VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-bb9q-674b-rygy

Essentials
Severities (22)
References (20)
Severity details (20)
Exploits (3)
EPSS
History (1)

Vulnerability ID	VCID-bb9q-674b-rygy
Aliases	CVE-2012-5076
Summary	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
Status	Published
Exploitability	2.0
Weighted Severity	7.8
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3.1	9.8	http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
ssvc	Act	http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
cvssv3.1	9.8	http://rhn.redhat.com/errata/RHSA-2012-1386.html
ssvc	Act	http://rhn.redhat.com/errata/RHSA-2012-1386.html
cvssv3.1	9.8	http://rhn.redhat.com/errata/RHSA-2012-1391.html
ssvc	Act	http://rhn.redhat.com/errata/RHSA-2012-1391.html
cvssv3.1	9.8	http://rhn.redhat.com/errata/RHSA-2012-1467.html
ssvc	Act	http://rhn.redhat.com/errata/RHSA-2012-1467.html
epss	0.91438	https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss	0.91438	https://api.first.org/data/v1/epss?cve=CVE-2012-5076
cvssv3.1	9.8	http://secunia.com/advisories/51029
ssvc	Act	http://secunia.com/advisories/51029
cvssv3.1	9.8	http://secunia.com/advisories/51326
ssvc	Act	http://secunia.com/advisories/51326
cvssv3.1	9.8	http://secunia.com/advisories/51390
ssvc	Act	http://secunia.com/advisories/51390
cvssv3.1	9.8	http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc	Act	http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv3.1	9.8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
ssvc	Act	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
cvssv3.1	9.8	http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
ssvc	Act	http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5076.json
		https://api.first.org/data/v1/epss?cve=CVE-2012-5076
51029		http://secunia.com/advisories/51029
51326		http://secunia.com/advisories/51326
51390		http://secunia.com/advisories/51390
865352		https://bugzilla.redhat.com/show_bug.cgi?id=865352
CVE-2012-5076;OSVDB-86363;OSVDB-86350	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/24309.rb
GLSA-201401-30		https://security.gentoo.org/glsa/201401-30
GLSA-201406-32		https://security.gentoo.org/glsa/201406-32
glsa-201406-32.xml		http://security.gentoo.org/glsa/glsa-201406-32.xml
javacpuoct2012-1515924.html		http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
msg00016.html		http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
oval%3Aorg.mitre.oval%3Adef%3A16641		https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
RHSA-2012:1386		https://access.redhat.com/errata/RHSA-2012:1386
RHSA-2012-1386.html		http://rhn.redhat.com/errata/RHSA-2012-1386.html
RHSA-2012:1391		https://access.redhat.com/errata/RHSA-2012:1391
RHSA-2012-1391.html		http://rhn.redhat.com/errata/RHSA-2012-1391.html
RHSA-2012:1467		https://access.redhat.com/errata/RHSA-2012:1467
RHSA-2012-1467.html		http://rhn.redhat.com/errata/RHSA-2012-1467.html
USN-1619-1		https://usn.ubuntu.com/1619-1/

Data source	KEV
Date added	March 28, 2022
Description	The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Required action	Apply updates per vendor instructions.
Due date	April 18, 2022
Note	https://nvd.nist.gov/vuln/detail/CVE-2012-5076
Ransomware campaign use	Unknown

Data source	Metasploit
Description	This module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
Note	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
Ransomware campaign use	Unknown
Source publication date	Oct. 16, 2012
Platform	Linux,Windows
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_jre17_jaxws.rb

Data source	Exploit-DB
Date added	Nov. 13, 2012
Description	Java Applet - JAX-WS Remote Code Execution (Metasploit)
Ransomware campaign use	Known
Source publication date	Nov. 13, 2012
Exploit type	remote
Platform	multiple
Source update date	Nov. 13, 2012

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1386.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1386.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1391.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1391.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1467.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1467.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51029

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51029

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51326

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51326

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51390

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51390

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://security.gentoo.org/glsa/glsa-201406-32.xml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.99681
EPSS Score	0.91438
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:55:52.417826+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2012/5xxx/CVE-2012-5076.json	38.6.0