Lucene search

K
cve[email protected]CVE-2012-4420
HistoryDec 26, 2019 - 9:15 p.m.

CVE-2012-4420

2019-12-2621:15:11
CWE-200
web.nvd.nist.gov
61
information security
cve-2012-4420
openjdk 7
java virtual machine
jvm
remote attacker
sensitive information

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.7%

An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.

Affected configurations

Vulners
NVD
Node
java-1.7.0-openjdkjava-1.7.0-openjdkRange1.7.01.7.0
CPENameOperatorVersion
oracle:jdkoracle jdkeq7.0

CNA Affected

[
  {
    "product": "java-1.7.0-openjdk",
    "vendor": "java-1.7.0-openjdk",
    "versions": [
      {
        "status": "affected",
        "version": "1.7.0_04 to 1.7.0_10"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.7%

Related for CVE-2012-4420