[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-4420Date: (C)2019-12-27   (M)2023-12-22


An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
http://www.openwall.com/lists/oss-security/2012/09/13/3
http://www.securityfocus.com/bid/55538
https://access.redhat.com/security/cve/cve-2012-4420
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420
https://exchange.xforce.ibmcloud.com/vulnerabilities/78693
https://www.openwall.com/lists/oss-security/2012/09/12/4

CWE    1
CWE-200

© SecPod Technologies