CVE-2012-0507 (CNNVD-201204-153)
中文标题:
Oracle Java SE远程拒绝服务漏洞
英文标题:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update...
漏洞描述
中文描述:
Oracle Java SE是标准版的Java平台,为用户提供了一个程序开发环境。 Oracle Java SE在Java Runtime Environment中存在远程拒绝服务漏洞。攻击者可利用该漏洞导致应用程序崩溃,拒绝为合法用户提供服务。以下版本中存在该漏洞:7 Update 2、6 Update 30和5.0 Update 33版本。
英文描述:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| sun | jre | 1.5.0 | - | - |
cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*
|
| oracle | jre | 1.6.0 | - | - |
cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
|
| sun | jre | 1.6.0 | - | - |
cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*
|
| oracle | jre | 1.7.0 | - | - |
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
|
| debian | debian_linux | 6.0 | - | - |
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 7.0 | - | - |
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
|
| suse | linux_enterprise_desktop | 10 | - | - |
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
|
| suse | linux_enterprise_java | 10 | - | - |
cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*
|
| suse | linux_enterprise_java | 11 | - | - |
cpe:2.3:o:suse:linux_enterprise_java:11:sp1:*:*:*:*:*:*
|
| suse | linux_enterprise_server | 10 | - | - |
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
|
| suse | linux_enterprise_server | 11 | - | - |
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
|
| suse | linux_enterprise_software_development_kit | 11 | - | - |
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
nvd.nist.gov
exploitdb
exploitdb
cve.org
CVSS评分详情
3.1 (adp)
CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2012-0507 |
2025-11-11 15:18:26 | 2025-11-11 07:33:20 |
| NVD | nvd_CVE-2012-0507 |
2025-11-11 14:53:57 | 2025-11-11 07:42:10 |
| CNNVD | cnnvd_CNNVD-201204-153 |
2025-11-11 15:09:14 | 2025-11-11 07:50:04 |
| EXPLOITDB | exploitdb_EDB-18679 |
2025-11-11 15:05:28 | 2025-11-11 08:14:07 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 23 -> 26
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201204-153
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 0 -> 12
- references_count: 26 -> 23
- data_sources: ['cve'] -> ['cve', 'nvd']