CVE-2012-3202

critical

Published 2012-10-17 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this overlaps CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Application impact

Vendor	Product	Versions
oracle	jrockit	`{"startIncluding":"r27.7.0","endIncluding":"r27.7.3"}`
sun	jdk	`1.5.0`
sun	jdk	`1.6.0`
sun	jre	`1.5.0`
sun	jre	`1.6.0`

References

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
http://www.securityfocus.com/bid/56050
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
http://www.securityfocus.com/bid/56050

Verify integrity in audit chain (admin only). AS-IS.