Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:05B3FD2A2948BDF7FBBED12519BC4ED2
HistoryMar 02, 2012 - 12:00 a.m.

Java Web Start initial heap size command injection

2012-03-0200:00:00
SAINT Corporation
my.saintcorporation.com
15

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.178 Low

EPSS

Percentile

96.0%

JSON

Added: 03/02/2012
CVE: CVE-2012-0500
BID: 52015
OSVDB: 79227

Background

Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment (JRE).

Problem

A vulnerability in Java Web Start allows arbitrary command-line argument injection through the initial-heap-size parameter. This vulnerability can be exploited to load arbitrary DLL files.

Resolution

Apply the February 2012 Java SE Critical Patch Update.

References

<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html&gt;

Limitations

Exploit works on JRE 7 Update 2 and requires a user to load the exploit page in Internet Explorer 8 or 9.

Valid SMB user credentials with write permission for the specified SMB share are required. The target must be able to access this SMB share anonymously.

Platforms

Windows

Related

checkpoint_advisories 1
seebug 2
packetstorm 3
prion 1
ubuntucve 1
saint 3
securityvulns 2
cve 1
exploitpack 1
metasploit 1
exploitdb 1
openvas 10
nessus 13
veracode 3
redhat 3
suse 1
ibm 2
gentoo 1
checkpoint_advisories
checkpoint_advisories
Oracle Java Web Start Command Argument Injection Remote Code Execution (CVE-2012-0500)
2012-04-30 00:00:00
seebug
seebug
Java Web Start Double Quote Injection Remote Code Execution
2014-07-01 00:00:00
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
packetstorm
packetstorm
Sun Java Web Start Plugin Command Line Argument Injection (2012)
2012-02-24 00:00:00
Sun Java Web Start Double Quote Injection
2013-06-13 00:00:00
Sun Java Web Start Double Quote Injection
2013-06-10 00:00:00
prion
prion
Design/Logic Flaw
2012-02-15 22:55:00
ubuntucve
ubuntucve
CVE-2012-0500
2012-02-15 00:00:00
saint
saint
Java Web Start initial heap size command injection
2012-03-02 00:00:00
Java Web Start initial heap size command injection
2012-03-02 00:00:00
Java Web Start initial heap size command injection
2012-03-02 00:00:00
securityvulns
securityvulns
TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution
2012-02-15 00:00:00
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
cve
cve
CVE-2012-0500
2012-02-15 22:55:00
exploitpack
exploitpack
Java - Web Start Double Quote Injection Remote Code Execution (Metasploit)
2013-06-11 00:00:00
metasploit
metasploit
Sun Java Web Start Double Quote Injection
2013-06-12 19:40:53
exploitdb
exploitdb
Java - Web Start Double Quote Injection Remote Code Execution (Metasploit)
2013-06-11 00:00:00
openvas
openvas
Oracle Java SE JDK Multiple Vulnerabilities - 02 - (Feb 2012) - Windows
2012-02-21 00:00:00
Oracle Java SE JRE Multiple Vulnerabilities - 02 - (Feb 2012) - Windows
2012-02-21 00:00:00
Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 02)
2012-02-21 00:00:00
nessus
nessus
Scientific Linux Security Update : java-1.6.0-sun on SL4.x, SL5.x i386/x86_64 (20120216)
2012-08-01 00:00:00
SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8094)
2012-05-10 00:00:00
RHEL 5 / 6 : java-1.6.0-sun (RHSA-2012:0139)
2012-02-17 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:41:04
Memory Corruption
2019-05-02 04:41:05
Memory Corruption
2019-05-02 04:41:05
redhat
redhat
(RHSA-2012:0139) Critical: java-1.6.0-sun security update
2012-02-16 00:00:00
(RHSA-2012:0514) Critical: java-1.6.0-ibm security update
2012-04-24 00:00:00
(RHSA-2013:1455) Low: Red Hat Network Satellite server IBM Java Runtime security update
2013-10-23 00:00:00
suse
suse
Security update for IBM Java 1.6.0 (important)
2012-05-09 21:08:17
ibm
ibm
Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)
2020-12-22 17:41:28
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:05:25
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.178 Low

EPSS

Percentile

96.0%

JSON
Related for SAINT:05B3FD2A2948BDF7FBBED12519BC4ED2
checkpoint_advisories1seebug2packetstorm3prion1ubuntucve1saint3securityvulns2cve1exploitpack1metasploit1exploitdb1openvas10nessus13veracode3redhat3suse1ibm2gentoo1