CVE-2012-5088
Published 2012-10-16
Priority P180 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 78.70% (99.5th percentile)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | jdk | <= 1.7.0 | — |
| oracle | jdk | — | — |
| oracle | jre | <= 1.7.0 | — |
| oracle | jre | — | — |
Detection & IOCs
- Inspect Java applet JAR files served over HTTP for the presence of both 'Exploit.class' (or a randomized alpha-name of the same length) and 'B.class' within the same archive, which is the exploit's class structure.
- Alert on Java applets using MethodHandle (java.lang.invoke.MethodHandle) to perform access control bypass; the root cause is insufficient access control checks in the MethodHandle implementation.
- Flag Java 7 Update 7 and earlier (7u7) as vulnerable; exploitation targets this specific version range.
- HTML delivery page contains an applet tag loading a JAR; monitor for browser-initiated JAR downloads preceded by an HTML page with applet tags as a drive-by delivery indicator.
- The exploit randomizes the exploit class name (same length as 'Exploit') and obfuscates 'metasploit'/'Payload' strings inside the JAR, so static string matching on class names will be evaded by the Metasploit module.
- The JAR entries also have 'metasploit' and 'Payload' strings replaced with random alpha strings, defeating simple signature matching on those known Metasploit strings.
- Java 1.6.x (OpenJDK and Sun JDK) is NOT affected; only Java 7 (7u7 and earlier) is vulnerable, so detections should be scoped accordingly.
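The name-independent checks from the list above, as an added Python example that is not taken from the page's sources: it reads each class's constant pool for `java/lang/invoke/MethodHandle` references and tests the two-class layout by name length instead of by literal name. The function names `class_utf8_strings`, `scan_jar` and `build_sample_jar` are hypothetical, and the sample JAR contains constructed stub classes (header and constant pool only).

```python
import io, re, struct, zipfile

# Bytes after the tag for each fixed-size constant-pool entry (JVM class-file format).
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
MH_NAME = "java/lang/invoke/MethodHandle"  # substring also covers MethodHandles

def class_utf8_strings(data):
    """Return the CONSTANT_Utf8 strings from one class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    (count,) = struct.unpack_from(">H", data, 8)
    pos, idx, strings = 10, 1, set()
    while idx < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:                      # CONSTANT_Utf8: u2 length, then bytes
            (n,) = struct.unpack_from(">H", data, pos)
            strings.add(data[pos + 2:pos + 2 + n].decode("utf-8", "replace"))
            pos += 2 + n
        elif tag in CP_SIZES:
            pos += CP_SIZES[tag]
            idx += tag in (5, 6)          # Long/Double occupy two pool slots
        else:
            raise ValueError("unknown constant tag %d" % tag)
        idx += 1
    return strings

def scan_jar(jar_bytes):
    """Name-independent triage of an applet JAR; returns a findings dict."""
    classes, mh_refs = [], []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in (n for n in jar.namelist() if n.endswith(".class")):
            classes.append(name)
            try:
                if any(MH_NAME in s for s in class_utf8_strings(jar.read(name))):
                    mh_refs.append(name)
            except (ValueError, IndexError, struct.error):
                continue                  # malformed entry: skip it
    stems = [n[:-6].rsplit("/", 1)[-1] for n in classes]
    # Page's layout: B.class plus a 7-letter alphabetic name ("Exploit" or randomized).
    layout = "B" in stems and any(re.fullmatch("[A-Za-z]{7}", s) for s in stems)
    return {"methodhandle_refs": mh_refs, "two_class_layout": layout, "suspicious": layout and bool(mh_refs)}

def build_sample_jar(entries):  # constructed sample: stub classes, header + Utf8 pool only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, utf8 in entries.items():
            pool = b"".join(b"\x01" + struct.pack(">H", len(s)) + s.encode() for s in utf8)
            jar.writestr(name, b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 51, len(utf8) + 1) + pool)
    return buf.getvalue()
```

MethodHandle references also occur in legitimate Java 7 code, so the `suspicious` flag is a triage signal to combine with the applet-delivery context rather than a verdict.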
CVSS provenance
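| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 10.0 | CRITICAL | — |
| vendor_ubuntu | — | 10.0 | CRITICAL | — |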
GHSA
GHSA-4mvh-76x5-57p4
ghsa_unreviewed · 2022-05-17
CVE-2012-5088 [HIGH]
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Ubuntu
OpenJDK vulnerabilities
vendor_ubuntu·2012-10-26·CVSS 10.0
CVE-2012-1531 [CRITICAL] OpenJDK vulnerabilities
Title: OpenJDK vulnerabilities
Summary: Several security issues were fixed in OpenJDK.
Several information disclosure vulnerabilities were discovered in the
OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075,
CVE-2012-5077, CVE-2012-5085)
Vulnerabilities were discovered in the OpenJDK JRE related to information
disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,
CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084,
CVE-2012-5086, CVE-2012-5089)
Information disclosure vulnerabilities were discovered in the OpenJDK JR
Red Hat
OpenJDK: MethodHandle insufficient access control checks (Libraries, 7196190)
vendor_redhat·2012-10-16·CVSS 10.0
CVE-2012-5088 [CRITICAL] OpenJDK: MethodHandle insufficient access control checks (Libraries, 7196190)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.6.0-sun (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.7.0-ibm (Red Hat Enterprise Linux 5) - Affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 5) - Affected
Package: java-1.7.0-oracle (Red Hat Enterprise Linux 5) - Affected
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.6.0-sun (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
Exploit-DB
Java Applet - Method Handle Remote Code Execution (Metasploit)
exploitdb·2013-01-24
CVE-2012-5088 Java Applet - Method Handle Remote Code Execution (Metasploit)
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'
require 'rex'

class Metasploit3 false })

  def initialize( info = {} )
    super( update_info( info,
      'Name' => 'Java Applet Method Handle Remote Code Execution',
      'Description' => %q{
        This module abuses the Method Handle class from a Java Applet to run arbitrary
        Java code outside of the sandbox. The vulnerability affects Java version 7u7 and
        earlier.
      },
      'License' => MSF_LICENSE,
      'Author' =>
        [
          'Unknown', # Vulnerability discovery at security-explorations.com
          'juan vazquez' #
```
Metasploit
Java Applet Method Handle Remote Code Execution
metasploit
This module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier.
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2012-1386.html
- http://rhn.redhat.com/errata/RHSA-2012-1391.html
- http://rhn.redhat.com/errata/RHSA-2012-1467.html
- http://secunia.com/advisories/51029
- http://secunia.com/advisories/51326
- http://secunia.com/advisories/51390
- http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79420
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16605

Published 2012-10-16