Vulnerability ID 7028

Oracle Java JDK/Open JDK 1.7/1.7.0_2/1.7.0_4 MurmurHash Implementation denial of service

Oracle
CVSSv3 Temp Score: 6.5
Current Exploit Price (≈): $0-$1k

A vulnerability was found in Oracle Java JDK and Open JDK 1.7/1.7.0_2/1.7.0_4. It has been rated as critical. Affected by this issue is an unknown function of the component MurmurHash Implementation. Manipulation with an unknown input leads to a denial of service. The impact is on availability.

The weakness was presented on 11/23/2012 by Jean-Philippe Aumasson as advisory 2012-001, which is confirmed (Website). The advisory is available for download at ocert.org. The public release was coordinated with the vendor. This vulnerability has been handled as CVE-2012-5373 since 10/10/2012. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown but a private exploit is available.

The vulnerability was handled as a non-public zero-day exploit for at least 85 days. During that time the estimated underground price was around $5k-$10k. The vulnerability scanner Nessus provides a plugin with the ID 802680, which helps to determine the existence of the flaw in a target environment.

The vulnerability is also documented in the databases at SecurityFocus (BID 56673), X-Force (80299) and Vulnerability Center (SBV-37571).

CVSSv3

Base Score: 7.5
Temp Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Reliability: High

CVSSv2

Base Score: 7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
Temp Score: 5.3 (CVSS2#E:U/RL:OF/RC:C)
Reliability: High

CPE

Exploiting

Class: Denial of service (CWE-310)
Local: No
Remote: Yes

Availability: Yes
Access: Private
Status: Unproven

Current Price Estimation: $5k-$10k (0-day) / $0-$1k (Today)


Nessus ID: 802680
Nessus Risk: Medium
OpenVAS ID: 802680
OpenVAS Name: Oracle Java SE MurmurHash Algorithm Hash Collision DoS Vulnerability (Windows)
OpenVAS File: gb_oracle_java_se_murmurhash_dos_vuln_win.nasl
OpenVAS Family: Denial of Service

Countermeasures

Recommended: no mitigation known
Status: Official fix
0-Day Time: 85 days since found

Timeline

08/30/2012 Vendor informed
10/10/2012 +41 days CVE assigned
11/23/2012 +44 days Advisory disclosed
11/23/2012 +0 days VulnerabilityCenter entry assigned
11/28/2012 +5 days NVD disclosed
11/28/2012 +0 days OSVDB entry created
11/29/2012 +1 days VulDB entry created
12/04/2012 +5 days Nessus plugin released
12/09/2012 +5 days VulnerabilityCenter entry created
04/16/2015 +858 days VulnerabilityCenter entry updated
07/08/2015 +84 days VulDB entry updated

Sources

Advisory: 2012-001
Researcher: Jean-Philippe Aumasson
Status: Confirmed
Confirmation: bugzilla.redhat.com
Coordinated: Yes

CVE: CVE-2012-5373 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityFocus: 56673
X-Force: 80299 - Java Murmur hash denial of service, Medium Risk
Vulnerability Center: 37571 - Oracle JRE Remote Denial of Service due to a Problem When Computing Hash Values - CVE-2012-5373, Medium
OSVDB: 87862

Entry

Created: 11/29/2012
Updated: 07/08/2015
Entry: 88.4% complete