CVE-2012-0547

Exp

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."

Published: 2012-08-30 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2012-0547 is rated Exploit Available (50/100): high exploitation likelihood (EPSS 8.54%, 92th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2012-0547

EDB-ID Source Kind Published Link
20865 exploit_db edb 2012-08-27 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2012-0547

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-05-01 9.87% 8.54% -1.33%
2 2026-01-23 9.75% 9.87% +0.12%
3 2026-01-18 9.75%

Full EPSS history (13 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-0547

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
0.0 2.0 LOW
AV:N/AC:L/Au:N/C:N/I:N/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 10.0 0.0 [email protected]

Weakness enumeration for CVE-2012-0547

OS Trackers for CVE-2012-0547

vendor priority summary link
gentoo high CVE-2012-0547: 2 GLSA(s) (201401-30, 201406-32), 6 atom(s) (app-emulation/emul-linux-x86-java, dev-java/icedtea-bin, dev-java/oracle-jdk-bin, dev-java/oracle-jre-bin, dev-java/sun-jdk, dev-java/sun-jre-bin); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2012-0547
redhat low https://access.redhat.com/security/cve/CVE-2012-0547
ubuntu low CVE-2012-0547 low priority: Ubuntu including 6 source packages (icedtea-web, openjdk-6, openjdk-6b18, openjdk-7, sun-java5, sun-java6), 42 status rows across 7 suites (hardy, lucid, natty, oneiric, precise, quantal, upstream): DNE 17, not-affected 9, needs-triage 6, released 6, ignored 4. https://ubuntu.com/security/CVE-2012-0547

Affected software / configurations for CVE-2012-0547

Vendor Product Version Raw CPE
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
oracle jre <= 1.7.0 cpe:2.3:a:oracle:jre:*:update6:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
oracle jdk <= 1.6.0 cpe:2.3:a:oracle:jdk:*:update34:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*
oracle jre <= 1.6.0 cpe:2.3:a:oracle:jre:*:update34:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update35:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

References for CVE-2012-0547

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html
http://marc.info/?l=bugtraq&m=135161897205627&w=2
http://rhn.redhat.com/errata/RHSA-2012-1222.html
http://rhn.redhat.com/errata/RHSA-2012-1225.html
http://rhn.redhat.com/errata/RHSA-2012-1392.html
http://rhn.redhat.com/errata/RHSA-2012-1466.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://secunia.com/advisories/51044
http://secunia.com/advisories/51141
http://secunia.com/advisories/51327
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html Vendor Advisory
http://www.securityfocus.com/bid/55339
http://www.ubuntu.com/usn/USN-1553-1
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03533078
cvelogic Threat Intelligence