CVE-2012-5081

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.

Published: 2012-10-16 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2012-5081 is rated Moderate Risk (49.5/100): CVSS Medium severity, with high exploitation likelihood (EPSS 45.11%, 99th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2012-5081

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 75.70% 45.11% -30.59%
2 2026-05-28 82.68% 75.70% -6.98%
3 2026-04-29 82.68%

Full EPSS history (43 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-5081

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2012-5081

OS Trackers for CVE-2012-5081

vendor priority summary link
gentoo high CVE-2012-5081: 2 GLSA(s) (201401-30, 201406-32), 6 atom(s) (app-emulation/emul-linux-x86-java, dev-java/icedtea-bin, dev-java/oracle-jdk-bin, dev-java/oracle-jre-bin, dev-java/sun-jdk, dev-java/sun-jre-bin); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2012-5081
redhat medium https://access.redhat.com/security/cve/CVE-2012-5081
ubuntu low CVE-2012-5081 low priority: Ubuntu including 6 source packages (icedtea-web, openjdk-6, openjdk-6b18, openjdk-7, sun-java5, sun-java6), 42 status rows across 7 suites (hardy, lucid, natty, oneiric, precise, quantal, upstream): DNE 17, released 13, ignored 6, not-affected 5, needs-triage 1. https://ubuntu.com/security/CVE-2012-5081

NVD evaluator notes for CVE-2012-5081

Impact: Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html "Applies to server deployments of JSSE."

Affected software / configurations for CVE-2012-5081

Vendor Product Version Raw CPE
oracle jdk <= 1.7.0 cpe:2.3:a:oracle:jdk:*:update7:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
oracle jdk 1.7.0 cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
oracle jre <= 1.7.0 cpe:2.3:a:oracle:jre:*:update7:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
oracle jre 1.7.0 cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
oracle jdk <= 1.6.0 cpe:2.3:a:oracle:jdk:*:update35:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*
oracle jdk 1.6.0 cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*
oracle jre <= 1.6.0 cpe:2.3:a:oracle:jre:*:update35:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*
oracle jre 1.6.0 cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
sun jdk 1.6.0 cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
sun jdk 1.6.0.200 cpe:2.3:a:sun:jdk:1.6.0.200:update20:*:*:*:*:*:*
sun jdk 1.6.0.210 cpe:2.3:a:sun:jdk:1.6.0.210:update21:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
sun jre 1.6.0 cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

References for CVE-2012-5081

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html
http://marc.info/?l=bugtraq&m=135542848327757&w=2
http://marc.info/?l=bugtraq&m=135758563611658&w=2
http://rhn.redhat.com/errata/RHSA-2012-1385.html
http://rhn.redhat.com/errata/RHSA-2012-1386.html
http://rhn.redhat.com/errata/RHSA-2012-1391.html
http://rhn.redhat.com/errata/RHSA-2012-1392.html
http://rhn.redhat.com/errata/RHSA-2012-1465.html
http://rhn.redhat.com/errata/RHSA-2012-1466.html
http://rhn.redhat.com/errata/RHSA-2012-1467.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://secunia.com/advisories/51028
http://secunia.com/advisories/51029
http://secunia.com/advisories/51141
http://secunia.com/advisories/51166
http://secunia.com/advisories/51313
http://secunia.com/advisories/51315
http://secunia.com/advisories/51326
http://secunia.com/advisories/51327
http://secunia.com/advisories/51328
http://secunia.com/advisories/51390
http://secunia.com/advisories/51393
http://secunia.com/advisories/51438
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www-01.ibm.com/support/docview.wss?uid=swg21620037
http://www-01.ibm.com/support/docview.wss?uid=swg21620575
http://www-01.ibm.com/support/docview.wss?uid=swg21631786
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html Patch Vendor Advisory
http://www.securityfocus.com/bid/56071
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16043
cvelogic Threat Intelligence