Web Attack: Java CVE-2012-5076 RCE 3

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in the Java Runtime Environment.

Additional Information

Oracle Java SE is prone to a remotely exploitable vulnerability in the Java Runtime Environment.

The vulnerability can be exploited over multiple protocols. Specifically, the issue occurs because the application allows arbitrary Java code to be executed outside the sandbox using JAX-WS classes.

An attacker can exploit this issue to bypass sandbox restrictions and execute arbitrary code in the context of the application.

This vulnerability affects the following supported versions:
7 Update 7

Affected

  • Sun JRE (Windows Production Release) 1.7.0_4
  • Sun JRE (Windows Production Release) 1.7.0_2
  • Sun JRE (Windows Production Release) 1.7
  • Sun JRE (Solaris Production Release) 1.7.0_4
  • Sun JRE (Solaris Production Release) 1.7.0_2
  • Sun JRE (Solaris Production Release) 1.7
  • Sun JRE (Linux Production Release) 1.7.0_4
  • Sun JRE (Linux Production Release) 1.7.0_2
  • Sun JRE (Linux Production Release) 1.7
  • Sun JDK (Windows Production Release) 1.7
  • Sun JDK (Windows Production Release) 1.7.0_4
  • Sun JDK (Windows Production Release) 1.7.0_2
  • Sun JDK (Solaris Production Release) 1.7
  • Sun JDK (Solaris Production Release) 1.7.0_4
  • Sun JDK (Solaris Production Release) 1.7.0_2
  • Sun JDK (Linux Production Release) 1.7
  • Sun JDK (Linux Production Release) 1.7.0_4
  • Sun JDK (Linux Production Release) 1.7.0_2
  • Red Hat Fedora 17
  • Red Hat Fedora 16
  • Red Hat Enterprise Linux Workstation Supplementary 6
  • Red Hat Enterprise Linux Workstation Optional 6
  • Red Hat Enterprise Linux Workstation 6
  • Red Hat Enterprise Linux Server Supplementary 6
  • Red Hat Enterprise Linux Server Optional 6
  • Red Hat Enterprise Linux Server 6
  • Red Hat Enterprise Linux HPC Node Supplementary 6
  • Red Hat Enterprise Linux HPC Node Optional 6
  • Red Hat Enterprise Linux Desktop Supplementary 6
  • Red Hat Enterprise Linux Desktop Supplementary 5 client
  • Red Hat Enterprise Linux Desktop Optional 6
  • Red Hat Enterprise Linux Desktop 6
  • Oracle Enterprise Linux 6.2
  • Oracle Enterprise Linux 6
  • OpenJDK OpenJDK 6