Vulnerability details: VCID-e9ta-kngq-aaar
Vulnerability ID VCID-e9ta-kngq-aaar
Aliases CVE-2012-0500
Summary CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment)
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=134254866602253&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=134254957702612&w=2
rhas Critical https://access.redhat.com/errata/RHSA-2012:0139
rhas Critical https://access.redhat.com/errata/RHSA-2012:0514
rhas Low https://access.redhat.com/errata/RHSA-2013:1455
epss 0.17802 https://api.first.org/data/v1/epss?cve=CVE-2012-0500
epss 0.19733 https://api.first.org/data/v1/epss?cve=CVE-2012-0500
epss 0.22665 https://api.first.org/data/v1/epss?cve=CVE-2012-0500
epss 0.74853 https://api.first.org/data/v1/epss?cve=CVE-2012-0500
epss 0.76791 https://api.first.org/data/v1/epss?cve=CVE-2012-0500
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=790724
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2012-0500
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
http://marc.info/?l=bugtraq&m=133364885411663&w=2
http://marc.info/?l=bugtraq&m=133847939902305&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://rhn.redhat.com/errata/RHSA-2012-0514.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0500.json
https://api.first.org/data/v1/epss?cve=CVE-2012-0500
http://secunia.com/advisories/48073
http://secunia.com/advisories/48589
http://secunia.com/advisories/48950
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14844
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
http://www.securityfocus.com/bid/52015
790724 https://bugzilla.redhat.com/show_bug.cgi?id=790724
cpe:2.3:a:oracle:javafx:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:javafx:1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:javafx:1.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:javafx:1.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:javafx:1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:javafx:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:javafx:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:javafx:2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:*:update2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:*:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:*:update30:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:*:update30:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
CVE-2012-0500 https://nvd.nist.gov/vuln/detail/CVE-2012-0500
CVE-2012-0500;OSVDB-79227 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18520.rb
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
RHSA-2012:0139 https://access.redhat.com/errata/RHSA-2012:0139
RHSA-2012:0514 https://access.redhat.com/errata/RHSA-2012:0514
RHSA-2013:1455 https://access.redhat.com/errata/RHSA-2013:1455
Data source Exploit-DB
Date added Feb. 24, 2012
Description Sun Java Web Start Plugin - Command Line Argument Injection (2012) (Metasploit)
Ransomware campaign use Known
Source publication date Feb. 24, 2012
Exploit type remote
Platform windows
Source update date Feb. 24, 2012
Data source Metasploit
Description This module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
Ransomware campaign use Unknown
Source publication date Feb. 14, 2012
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/browser/java_ws_vmargs.rb
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2012-0500
Exploit Prediction Scoring System (EPSS)
Percentile 0.96273
EPSS Score 0.17802
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.