Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D727568CE7D0055B14ECCA639DFB195F
HistoryFeb 07, 2013 - 12:00 a.m.

Java JAX-WS statistics.impl package sandbox breach

2013-02-0700:00:00
SAINT Corporation
my.saintcorporation.com
18

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Added: 02/07/2013
CVE: CVE-2012-5076
BID: 56054
OSVDB: 86350

Background

Java API for XML Web Services (JAX-WS) is a technology for developing web services in Java. It is included in the Java EE 5 platform.

Problem

A vulnerability in JAX-WS when handling the com.sun.org.glassfish.external.statistics.impl package allows code execution outside the sandbox, allowing arbitrary code execution when a user loads a malicious applet.

Resolution

Upgrade to JDK or JRE 7 Update 8 or higher.

References

<http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html&gt;

Limitations

Exploit works on Oracle JRE 7 Update 7 on Windows XP SP3 (DEP OptIn), Windows 7 SP1 (DEP OptIn), and Ubuntu 12.04.1 LTS, and requires a user to open the exploit page in a web browser.

Platforms

Windows
Linux

Related

checkpoint_advisories 2
seebug 2
canvas 1
saint 7
packetstorm 2
ubuntucve 1
prion 1
zdt 1
cisa_kev 1
cve 1
metasploit 2
attackerkb 1
exploitdb 2
threatpost 4
thn 1
openvas 14
suse 3
nessus 16
centos 1
oraclelinux 1
redhat 3
ibm 2
ubuntu 1
securityvulns 1
photon 1
gentoo 2
checkpoint_advisories
checkpoint_advisories
Java Applet JAX-WS Remote Code Execution (CVE-2012-5076)
2012-12-02 00:00:00
Java Applet JAX-WS Remote Code Execution - Ver2 (CVE-2012-5076)
2014-03-31 00:00:00
seebug
seebug
Java Applet AverageRangeStatisticImpl Remote Code Execution
2014-07-01 00:00:00
Java Applet JAX-WS Remote Code Execution
2014-07-01 00:00:00
canvas
canvas
Immunity Canvas: JAVA_JAXWS
2012-10-16 21:55:00
saint
saint
Java JAX-WS gmbal package sandbox breach
2012-11-23 00:00:00
Java JAX-WS statistics.impl package sandbox breach
2013-02-07 00:00:00
Java JAX-WS gmbal package sandbox breach
2012-11-23 00:00:00
packetstorm
packetstorm
Java Applet AverageRangeStatisticImpl Remote Code Execution
2013-01-23 00:00:00
Java Applet JAX-WS Remote Code Execution
2012-11-13 00:00:00
ubuntucve
ubuntucve
CVE-2012-5076
2012-10-16 00:00:00
prion
prion
Design/Logic Flaw
2012-10-16 21:55:00
zdt
zdt
Java Applet AverageRangeStatisticImpl Remote Code Execution
2013-01-23 00:00:00
cisa_kev
cisa_kev
Oracle Java SE Sandbox Bypass Vulnerability
2022-03-28 00:00:00
cve
cve
CVE-2012-5076
2012-10-16 21:55:00
metasploit
metasploit
Java Applet AverageRangeStatisticImpl Remote Code Execution
2013-01-17 20:27:47
Java Applet JAX-WS Remote Code Execution
2012-11-11 16:05:51
attackerkb
attackerkb
CVE-2012-5076
2012-10-16 00:00:00
exploitdb
exploitdb
Java Applet - AverageRangeStatisticImpl Remote Code Execution (Metasploit)
2013-01-24 00:00:00
Java Applet - JAX-WS Remote Code Execution (Metasploit)
2012-11-13 00:00:00
threatpost
threatpost
New Java Attack Introduced into Cool Exploit Kit
2012-11-12 18:25:53
Gong Da Exploit Kit Bundling Numerous Java Attacks
2012-11-20 16:13:34
Attackers Target Older Java Bugs
2013-05-13 10:30:31
thn
thn
Latest Java vulnerability exploitation leads to ransomware
2012-11-10 18:57:00
openvas
openvas
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 oct12 (Windows)
2012-10-19 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities - 03 - (Oct 2012) - Windows
2012-10-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1489-2)
2021-06-09 00:00:00
suse
suse
Security update for IBM Java 1.7.0 (important)
2012-11-21 18:08:45
java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)
2012-10-31 16:11:24
Security update for OpenJDK (important)
2012-10-24 22:08:57
nessus
nessus
CentOS 6 : java-1.7.0-openjdk (CESA-2012:1386) (ROBOT)
2012-10-18 00:00:00
RHEL 6 : java-1.7.0-openjdk (RHSA-2012:1386) (ROBOT)
2012-10-18 00:00:00
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)
2012-10-22 00:00:00
centos
centos
java security update
2012-10-17 21:16:08
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2012-10-17 00:00:00
redhat
redhat
(RHSA-2012:1386) Important: java-1.7.0-openjdk security update
2012-10-17 00:00:00
(RHSA-2012:1391) Critical: java-1.7.0-oracle security update
2012-10-18 00:00:00
(RHSA-2012:1467) Critical: java-1.7.0-ibm security update
2012-11-15 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Rational Functional Tester versions 8.x due to security vulnerabilities in IBM JRE 7.0 Service Release 2 or earlier, and non-IBM Java 7.0
2019-05-07 13:40:01
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0
2022-09-25 23:13:40
ubuntu
ubuntu
OpenJDK vulnerabilities
2012-10-26 00:00:00
securityvulns
securityvulns
Oracle Java / OpenJDK multiple security vulnerabilities
2012-10-30 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0413
2023-06-19 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:D727568CE7D0055B14ECCA639DFB195F
checkpoint_advisories2seebug2canvas1saint7packetstorm2ubuntucve1prion1zdt1cisa_kev1cve1metasploit2attackerkb1exploitdb2threatpost4thn1openvas14suse3nessus16centos1oraclelinux1redhat3ibm2ubuntu1securityvulns1photon1gentoo2