Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-t653-gwcf-4bfp
Vulnerability ID VCID-t653-gwcf-4bfp
Aliases CVE-2012-5076
Summary Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-284 Improper Access Control
System Score Found at
cvssv3.1 9.8 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-1386.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-1386.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-1391.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-1391.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2012-1467.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2012-1467.html
epss 0.9171 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9171 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9171 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9171 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
epss 0.9171 https://api.first.org/data/v1/epss?cve=CVE-2012-5076
cvssv3.1 9.8 http://secunia.com/advisories/51029
ssvc Act http://secunia.com/advisories/51029
cvssv3.1 9.8 http://secunia.com/advisories/51326
ssvc Act http://secunia.com/advisories/51326
cvssv3.1 9.8 http://secunia.com/advisories/51390
ssvc Act http://secunia.com/advisories/51390
cvssv3.1 9.8 http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc Act http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2012-5076
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2012-5076
cvssv3.1 9.8 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
ssvc Act https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
cvssv3.1 9.8 http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
ssvc Act http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
http://rhn.redhat.com/errata/RHSA-2012-1386.html
http://rhn.redhat.com/errata/RHSA-2012-1391.html
http://rhn.redhat.com/errata/RHSA-2012-1467.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5076.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5076
http://secunia.com/advisories/51029
http://secunia.com/advisories/51326
http://secunia.com/advisories/51390
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5076
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
865352 https://bugzilla.redhat.com/show_bug.cgi?id=865352
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
CVE-2012-5076 https://nvd.nist.gov/vuln/detail/CVE-2012-5076
CVE-2012-5076;OSVDB-86363;OSVDB-86350 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/24309.rb
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
RHSA-2012:1386 https://access.redhat.com/errata/RHSA-2012:1386
RHSA-2012:1391 https://access.redhat.com/errata/RHSA-2012:1391
RHSA-2012:1467 https://access.redhat.com/errata/RHSA-2012:1467
USN-1619-1 https://usn.ubuntu.com/1619-1/
Data source Exploit-DB
Date added Nov. 13, 2012
Description Java Applet - JAX-WS Remote Code Execution (Metasploit)
Ransomware campaign use Known
Source publication date Nov. 13, 2012
Exploit type remote
Platform multiple
Source update date Nov. 13, 2012
Data source KEV
Date added March 28, 2022
Description The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Required action Apply updates per vendor instructions.
Due date April 18, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2012-5076
Ransomware campaign use Unknown
Data source Metasploit
Description This module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date Oct. 16, 2012
Platform Linux,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_jre17_jaxws.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1386.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1386.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1391.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1391.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2012-1467.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://rhn.redhat.com/errata/RHSA-2012-1467.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51029
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51029
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51326
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51326
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/51390
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://secunia.com/advisories/51390
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2012-5076
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2012-5076
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:52:51Z/ Found at http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.99678
EPSS Score 0.9171
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:10.580600+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201406-32 38.0.0