Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 3, 2022.

The EPSS score is 0.93748.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Debian Subscribe
Debian Linux Subscribe
Oracle Subscribe
Jre Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Network Satellite Subscribe
Rhel Extras Subscribe
Sun Subscribe
Jre Subscribe
Suse Subscribe
Linux Enterprise Desktop Subscribe
Linux Enterprise Java Subscribe
Linux Enterprise Server Subscribe
Linux Enterprise Software Development Kit Subscribe

Configuration 1 [-]

OR cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_java:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Package CPE Advisory Released Date
Extras for RHEL 4
java-1.6.0-sun-1:1.6.0.31-1jpp.1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2012:0139 2012-02-16T00:00:00Z
Red Hat Enterprise Linux 5
java-1.6.0-openjdk-1:1.6.0.0-1.25.1.10.6.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:0322 2012-02-21T00:00:00Z
Red Hat Enterprise Linux 6
java-1.6.0-openjdk-1:1.6.0.0-1.43.1.10.6.el6_2 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:0135 2012-02-14T00:00:00Z
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9 cpe:/a:redhat:network_satellite:5.4::el5 RHSA-2013:1455 2013-10-23T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.31-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0139 2012-02-16T00:00:00Z
java-1.5.0-ibm-1:1.5.0.13.1-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0508 2012-04-23T00:00:00Z
java-1.6.0-ibm-1:1.6.0.10.1-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0514 2012-04-24T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.6.0-sun-1:1.6.0.31-1jpp.1.el6_2 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0139 2012-02-16T00:00:00Z
java-1.5.0-ibm-1:1.5.0.13.1-1jpp.2.el6_2 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0508 2012-04-23T00:00:00Z
java-1.6.0-ibm-1:1.6.0.10.1-1jpp.5.el6_2 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0514 2012-04-24T00:00:00Z

No data.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-2420-1 openjdk-6 security update
Ubuntu USN Ubuntu USN USN-1373-1 OpenJDK 6 vulnerabilities
Ubuntu USN Ubuntu USN USN-1373-2 OpenJDK 6 (ARM) vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx cve-icon cve-icon
http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/ cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133364885411663&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133365109612558&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=133847939902305&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254866602253&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254957702612&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0508.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0514.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1455.html cve-icon cve-icon
http://secunia.com/advisories/48589 cve-icon cve-icon
http://secunia.com/advisories/48692 cve-icon cve-icon
http://secunia.com/advisories/48915 cve-icon cve-icon
http://secunia.com/advisories/48948 cve-icon cve-icon
http://secunia.com/advisories/48950 cve-icon cve-icon
http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2420 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html cve-icon cve-icon cve-icon
http://www.securityfocus.com/bid/52161 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=788994 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-0507 cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0507 cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-0507 cve-icon
History

Wed, 22 Oct 2025 10:30:00 +0900

Type Values Removed Values Added
References

Wed, 22 Oct 2025 05:30:00 +0900

Type Values Removed Values Added
References

Wed, 22 Oct 2025 04:30:00 +0900

Type Values Removed Values Added
References

Tue, 11 Feb 2025 05:15:00 +0900

Type Values Removed Values Added
Weaknesses CWE-843
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

kev

{'dateAdded': '2022-03-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 14 Aug 2024 08:30:00 +0900

Type Values Removed Values Added
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2025-10-22T00:05:47.423Z

Reserved: 2012-01-11T00:00:00.000Z

Link: CVE-2012-0507

cve-icon Vulnrichment

Updated: 2024-08-06T18:23:31.104Z

cve-icon NVD

Status : Deferred

Published: 2012-06-07T22:55:17.883

Modified: 2025-10-22T01:15:42.420

Link: CVE-2012-0507

cve-icon Redhat

Severity : Critical

Publid Date: 2012-02-14T00:00:00Z

Links: CVE-2012-0507 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses