csaf_redhat - rhsa-2017

rhsa-2017_1216

Vulnerability from csaf_redhat

Published

2017-05-09 16:41

Modified

2024-09-15 23:45

Summary

Red Hat Security Advisory: java-1.7.1-ibm security update

Notes

Topic

An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix(es): * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for java-1.7.1-ibm is now available for Red Hat\nSatellite 5.7 and Red Hat Satellite 5.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP1.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2017-3272, CVE-2017-3289, CVE-2017-3253, CVE-2017-3261, CVE-2017-3231, CVE-2016-5547, CVE-2016-5552, CVE-2017-3252, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3241, CVE-2017-3259, CVE-2016-5573, CVE-2016-5554, CVE-2016-5542, CVE-2016-5597, CVE-2016-5556, CVE-2016-3598, CVE-2016-3511, CVE-2016-0363, CVE-2016-0686, CVE-2016-0687, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, CVE-2016-3422, CVE-2016-0376, CVE-2016-0264)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:1216",
        "url": "https://access.redhat.com/errata/RHSA-2017:1216"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1324044",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324044"
      },
      {
        "category": "external",
        "summary": "1327743",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327743"
      },
      {
        "category": "external",
        "summary": "1327749",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327749"
      },
      {
        "category": "external",
        "summary": "1328059",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328059"
      },
      {
        "category": "external",
        "summary": "1328210",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328210"
      },
      {
        "category": "external",
        "summary": "1328618",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328618"
      },
      {
        "category": "external",
        "summary": "1328619",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328619"
      },
      {
        "category": "external",
        "summary": "1328620",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328620"
      },
      {
        "category": "external",
        "summary": "1330986",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330986"
      },
      {
        "category": "external",
        "summary": "1331359",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331359"
      },
      {
        "category": "external",
        "summary": "1356971",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971"
      },
      {
        "category": "external",
        "summary": "1358168",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168"
      },
      {
        "category": "external",
        "summary": "1369383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
      },
      {
        "category": "external",
        "summary": "1385544",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385544"
      },
      {
        "category": "external",
        "summary": "1385714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385714"
      },
      {
        "category": "external",
        "summary": "1385723",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385723"
      },
      {
        "category": "external",
        "summary": "1386103",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386103"
      },
      {
        "category": "external",
        "summary": "1386408",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386408"
      },
      {
        "category": "external",
        "summary": "1413554",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413554"
      },
      {
        "category": "external",
        "summary": "1413562",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413562"
      },
      {
        "category": "external",
        "summary": "1413583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413583"
      },
      {
        "category": "external",
        "summary": "1413653",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413653"
      },
      {
        "category": "external",
        "summary": "1413717",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413717"
      },
      {
        "category": "external",
        "summary": "1413764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413764"
      },
      {
        "category": "external",
        "summary": "1413882",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413882"
      },
      {
        "category": "external",
        "summary": "1413906",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413906"
      },
      {
        "category": "external",
        "summary": "1413911",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413911"
      },
      {
        "category": "external",
        "summary": "1413920",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413920"
      },
      {
        "category": "external",
        "summary": "1413923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413923"
      },
      {
        "category": "external",
        "summary": "1413955",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413955"
      },
      {
        "category": "external",
        "summary": "1414163",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414163"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2017/rhsa-2017_1216.json"
      }
    ],
    "title": "Red Hat Security Advisory: java-1.7.1-ibm security update",
    "tracking": {
      "current_release_date": "2024-09-15T23:45:52+00:00",
      "generator": {
        "date": "2024-09-15T23:45:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2017:1216",
      "initial_release_date": "2017-05-09T16:41:26+00:00",
      "revision_history": [
        {
          "date": "2017-05-09T16:41:26+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-05-09T16:41:26+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-15T23:45:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.6 (RHEL v.6)",
                "product": {
                  "name": "Red Hat Satellite 5.6 (RHEL v.6)",
                  "product_id": "6Server-Satellite56",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.6::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.7 (RHEL v.6)",
                "product": {
                  "name": "Red Hat Satellite 5.7 (RHEL v.6)",
                  "product_id": "6Server-Satellite57",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.7::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
                "product": {
                  "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
                  "product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
                "product": {
                  "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
                  "product_id": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.7.1-ibm-devel@1.7.1.4.1-1jpp.1.el6_8?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
                "product": {
                  "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
                  "product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
                "product": {
                  "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
                  "product_id": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.7.1-ibm-devel@1.7.1.4.1-1jpp.1.el6_8?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
                "product": {
                  "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
                  "product_id": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.7.1-ibm@1.7.1.4.1-1jpp.1.el6_8?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
        },
        "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src"
        },
        "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        },
        "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
        },
        "product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        },
        "product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
        },
        "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src"
        },
        "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        },
        "product_reference": "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x"
        },
        "product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
        "relates_to_product_reference": "6Server-Satellite57"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64 as a component of Red Hat Satellite 5.7 (RHEL v.6)",
          "product_id": "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        },
        "product_reference": "java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
        "relates_to_product_reference": "6Server-Satellite57"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-0264",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2016-04-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1331359"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: buffer overflow vulnerability in the IBM JVM",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-0264"
        },
        {
          "category": "external",
          "summary": "RHBZ#1331359",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331359"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0264"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0264",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0264"
        },
        {
          "category": "external",
          "summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016",
          "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016"
        }
      ],
      "release_date": "2016-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "JDK: buffer overflow vulnerability in the IBM JVM"
    },
    {
      "cve": "CVE-2016-0363",
      "discovery_date": "2016-04-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1324044"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-0363"
        },
        {
          "category": "external",
          "summary": "RHBZ#1324044",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324044"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0363"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0363",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0363"
        },
        {
          "category": "external",
          "summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016",
          "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016"
        }
      ],
      "release_date": "2016-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix"
    },
    {
      "cve": "CVE-2016-0376",
      "discovery_date": "2016-04-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1330986"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-0376"
        },
        {
          "category": "external",
          "summary": "RHBZ#1330986",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330986"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0376",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0376"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0376",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0376"
        },
        {
          "category": "external",
          "summary": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016",
          "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016"
        }
      ],
      "release_date": "2016-04-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix"
    },
    {
      "cve": "CVE-2016-0686",
      "discovery_date": "2016-04-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1327743"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-0686"
        },
        {
          "category": "external",
          "summary": "RHBZ#1327743",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327743"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0686",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0686"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0686",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0686"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)"
    },
    {
      "cve": "CVE-2016-0687",
      "discovery_date": "2016-04-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1327749"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: insufficient byte type checks (Hotspot, 8132051)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-0687"
        },
        {
          "category": "external",
          "summary": "RHBZ#1327749",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327749"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0687",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0687"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0687",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0687"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "OpenJDK: insufficient byte type checks (Hotspot, 8132051)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "OpenVPN"
          ]
        },
        {
          "names": [
            "Karthikeyan Bhargavan",
            "Ga\u00ebtan Leurent"
          ],
          "organization": "Inria",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2016-2183",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "discovery_date": "2016-08-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1369383"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-2183"
        },
        {
          "category": "external",
          "summary": "RHBZ#1369383",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/articles/2548661",
          "url": "https://access.redhat.com/articles/2548661"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2016:1940",
          "url": "https://access.redhat.com/errata/RHSA-2016:1940"
        },
        {
          "category": "external",
          "summary": "https://sweet32.info/",
          "url": "https://sweet32.info/"
        }
      ],
      "release_date": "2016-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "category": "workaround",
          "details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)"
    },
    {
      "cve": "CVE-2016-3422",
      "discovery_date": "2016-04-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1328620"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3422"
        },
        {
          "category": "external",
          "summary": "RHBZ#1328620",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328620"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3422",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3422"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3422",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3422"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)"
    },
    {
      "cve": "CVE-2016-3426",
      "discovery_date": "2016-04-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1328059"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3426"
        },
        {
          "category": "external",
          "summary": "RHBZ#1328059",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328059"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3426"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3426",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3426"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)"
    },
    {
      "cve": "CVE-2016-3427",
      "discovery_date": "2016-04-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1328210"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3427"
        },
        {
          "category": "external",
          "summary": "RHBZ#1328210",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328210"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3427"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3427",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3427"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2016-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-05-12T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)"
    },
    {
      "cve": "CVE-2016-3443",
      "discovery_date": "2016-04-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1328618"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.  NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3443"
        },
        {
          "category": "external",
          "summary": "RHBZ#1328618",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328618"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3443",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3443"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3443",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3443"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)"
    },
    {
      "cve": "CVE-2016-3449",
      "discovery_date": "2016-04-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1328619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3449"
        },
        {
          "category": "external",
          "summary": "RHBZ#1328619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3449",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3449"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3449",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3449"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)"
    },
    {
      "cve": "CVE-2016-3511",
      "discovery_date": "2016-07-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1358168"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1358168",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358168"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3511"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-07-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)"
    },
    {
      "cve": "CVE-2016-3598",
      "discovery_date": "2016-06-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1356971"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3598"
        },
        {
          "category": "external",
          "summary": "RHBZ#1356971",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356971"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3598"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3598"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-07-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)"
    },
    {
      "cve": "CVE-2016-5542",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "discovery_date": "2016-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1385723"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5542"
        },
        {
          "category": "external",
          "summary": "RHBZ#1385723",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385723"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5542"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5542",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5542"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-10-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)"
    },
    {
      "cve": "CVE-2016-5546",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413911"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5546"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413911",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413911"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5546"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5546",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5546"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)"
    },
    {
      "cve": "CVE-2016-5547",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413764"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5547"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413764",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413764"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5547"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5547",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5547"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)"
    },
    {
      "cve": "CVE-2016-5548",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413920"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: DSA implementation timing attack (Libraries, 8168728)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5548"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413920",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413920"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5548"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5548",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5548"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK: DSA implementation timing attack (Libraries, 8168728)"
    },
    {
      "cve": "CVE-2016-5549",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413923"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5549"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413923",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413923"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5549"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5549",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5549"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)"
    },
    {
      "cve": "CVE-2016-5552",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413882"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5552"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413882",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413882"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5552"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5552",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5552"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)"
    },
    {
      "cve": "CVE-2016-5554",
      "discovery_date": "2016-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1385714"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5554"
        },
        {
          "category": "external",
          "summary": "RHBZ#1385714",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385714"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5554",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5554"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5554",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5554"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-10-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)"
    },
    {
      "cve": "CVE-2016-5556",
      "discovery_date": "2016-10-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1386408"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5556"
        },
        {
          "category": "external",
          "summary": "RHBZ#1386408",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386408"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5556",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5556"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5556",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5556"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-10-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)"
    },
    {
      "cve": "CVE-2016-5573",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2016-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1385544"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim\u0027s browser send HTTP requests to the JDWP port of the debugged application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5573"
        },
        {
          "category": "external",
          "summary": "RHBZ#1385544",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385544"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5573",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5573"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5573",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5573"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-10-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)"
    },
    {
      "cve": "CVE-2016-5597",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "discovery_date": "2016-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1386103"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5597"
        },
        {
          "category": "external",
          "summary": "RHBZ#1386103",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386103"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5597"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5597",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5597"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        }
      ],
      "release_date": "2016-10-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)"
    },
    {
      "cve": "CVE-2017-3231",
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413717"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3231"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413717",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413717"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3231",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3231"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3231",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3231"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)"
    },
    {
      "cve": "CVE-2017-3241",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413955"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3241"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413955",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413955"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3241",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3241"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3241",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3241"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)"
    },
    {
      "cve": "CVE-2017-3252",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413906"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3252"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413906",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413906"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3252"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3252",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3252"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)"
    },
    {
      "cve": "CVE-2017-3253",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413583"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3253"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413583",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413583"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3253"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3253",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3253"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)"
    },
    {
      "cve": "CVE-2017-3259",
      "discovery_date": "2017-01-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1414163"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3259"
        },
        {
          "category": "external",
          "summary": "RHBZ#1414163",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414163"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3259",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3259"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3259",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3259"
        },
        {
          "category": "external",
          "summary": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA",
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)"
    },
    {
      "cve": "CVE-2017-3261",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413653"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3261"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413653",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413653"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3261",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3261"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3261",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3261"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)"
    },
    {
      "cve": "CVE-2017-3272",
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413554"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3272"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413554",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413554"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3272",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3272"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3272",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3272"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)"
    },
    {
      "cve": "CVE-2017-3289",
      "discovery_date": "2017-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1413562"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: insecure class construction (Hotspot, 8167104)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
          "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
          "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-3289"
        },
        {
          "category": "external",
          "summary": "RHBZ#1413562",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413562"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-3289"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3289",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3289"
        }
      ],
      "release_date": "2017-01-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite56:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite56:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.src",
            "6Server-Satellite57:java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8.x86_64",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.s390x",
            "6Server-Satellite57:java-1.7.1-ibm-devel-1:1.7.1.4.1-1jpp.1.el6_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "OpenJDK: insecure class construction (Hotspot, 8167104)"
    }
  ]
}

cve-2016-3422

Vulnerability from cvelistv5

Published

2016-04-21 10:00

Modified

2024-08-05 23:56

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2016-0677.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/86488	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20160420-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201606-18	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035596	vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0679.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0678.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:56:13.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "86488",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86488"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "GLSA-201606-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-18"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2016:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "RHSA-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2016:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "86488",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/86488"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "GLSA-201606-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-18"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2016:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "RHSA-2016:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-3422",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2016:0677",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "86488",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/86488"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "GLSA-201606-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201606-18"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035596"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2016:0679",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "RHSA-2016:0678",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-3422",
    "datePublished": "2016-04-21T10:00:00",
    "dateReserved": "2016-03-17T00:00:00",
    "dateUpdated": "2024-08-05T23:56:13.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5546

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-06 01:07

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95506	vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded
Oracle	JRockit

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:57.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "95506",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95506"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "6u131"
            },
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        },
        {
          "product": "JRockit",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "R28.3.12"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "95506",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95506"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6u131"
                          },
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "JRockit",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "R28.3.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "95506",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95506"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5546",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:57.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2183

Vulnerability from cvelistv5

Published

2016-09-01 00:00

Modified

2024-08-05 23:17

Severity

Summary

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

References

URL	Tags
https://access.redhat.com/errata/RHSA-2017:3113	vendor-advisory
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory
https://www.tenable.com/security/tns-2016-20
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
https://security.gentoo.org/glsa/201612-16	vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
https://access.redhat.com/errata/RHSA-2017:3240	vendor-advisory
https://www.tenable.com/security/tns-2016-16
https://access.redhat.com/errata/RHSA-2017:2709	vendor-advisory
http://www.securityfocus.com/bid/92630	vdb-entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
https://www.tenable.com/security/tns-2016-21
https://kc.mcafee.com/corporate/index?page=content&id=SB10171
https://access.redhat.com/errata/RHSA-2017:3239	vendor-advisory
https://www.exploit-db.com/exploits/42091/	exploit
https://security.gentoo.org/glsa/201701-65	vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://www.securitytracker.com/id/1036696	vdb-entry
https://security.netapp.com/advisory/ntap-20160915-0001/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
https://security.gentoo.org/glsa/201707-01	vendor-advisory
http://www.securityfocus.com/bid/95568	vdb-entry
https://access.redhat.com/errata/RHSA-2017:3114	vendor-advisory
https://bto.bluecoat.com/security-advisory/sa133
https://www.tenable.com/security/tns-2017-09
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory
https://wiki.opendaylight.org/view/Security_Advisories
https://access.redhat.com/errata/RHSA-2017:2710	vendor-advisory
https://security.netapp.com/advisory/ntap-20170119-0001/
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
https://www.ietf.org/mail-archive/web/tls/current/msg04560.html	mailing-list
https://access.redhat.com/errata/RHSA-2018:2123	vendor-advisory
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory
https://access.redhat.com/errata/RHSA-2017:2708	vendor-advisory
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html	vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
http://rhn.redhat.com/errata/RHSA-2017-0462.html	vendor-advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html	vendor-advisory
http://www.securityfocus.com/archive/1/540341/100/0/threaded	mailing-list
http://www.ubuntu.com/usn/USN-3087-1	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html	vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html	vendor-advisory
http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded	mailing-list
http://www.ubuntu.com/usn/USN-3087-2	vendor-advisory
http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded	mailing-list
https://kc.mcafee.com/corporate/index?page=content&id=SB10197
https://kc.mcafee.com/corporate/index?page=content&id=SB10186
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html	vendor-advisory
http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded	mailing-list
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html	vendor-advisory
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
http://seclists.org/fulldisclosure/2017/Jul/31	mailing-list
http://www.ubuntu.com/usn/USN-3194-1	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html	vendor-advisory
https://seclists.org/bugtraq/2018/Nov/21	mailing-list
https://support.f5.com/csp/article/K13167034
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
http://www.securityfocus.com/archive/1/542005/100/0/threaded	mailing-list
http://www.debian.org/security/2016/dsa-3673	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html	vendor-advisory
http://www.ubuntu.com/usn/USN-3372-1	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html	vendor-advisory
http://www.ubuntu.com/usn/USN-3270-1	vendor-advisory
http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded	mailing-list
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html	vendor-advisory
http://seclists.org/fulldisclosure/2017/May/105	mailing-list
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html	vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
http://www.securityfocus.com/archive/1/539885/100/0/threaded	mailing-list
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html	vendor-advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html	vendor-advisory
http://www.ubuntu.com/usn/USN-3198-1	vendor-advisory
http://seclists.org/fulldisclosure/2017/May/105
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
http://www.securityfocus.com/archive/1/541104/100/0/threaded	mailing-list
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html	vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html	vendor-advisory
http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded	mailing-list
http://www.ubuntu.com/usn/USN-3179-1	vendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
https://access.redhat.com/errata/RHSA-2019:1245	vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2859	vendor-advisory
https://access.redhat.com/errata/RHSA-2020:0451	vendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
https://www.oracle.com/security-alerts/cpuapr2020.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://www.oracle.com/security-alerts/cpujul2020.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://sweet32.info/
http://www.splunk.com/view/SP-CAAAPUE
https://bugzilla.redhat.com/show_bug.cgi?id=1369383
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://access.redhat.com/articles/2548661
https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
http://www.splunk.com/view/SP-CAAAPSV
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://www.sigsac.org/ccs/CCS2016/accepted-papers/
http://www-01.ibm.com/support/docview.wss?uid=swg21991482
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://access.redhat.com/security/cve/cve-2016-2183
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3113",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3113"
          },
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
          },
          {
            "name": "RHSA-2017:3240",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3240"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-16"
          },
          {
            "name": "RHSA-2017:2709",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2709"
          },
          {
            "name": "92630",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92630"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
          },
          {
            "name": "RHSA-2017:3239",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3239"
          },
          {
            "name": "42091",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42091/"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "name": "1036696",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036696"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "95568",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95568"
          },
          {
            "name": "RHSA-2017:3114",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3114"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wiki.opendaylight.org/view/Security_Advisories"
          },
          {
            "name": "RHSA-2017:2710",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2710"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
          },
          {
            "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
          },
          {
            "name": "RHSA-2018:2123",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2123"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:2708",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2708"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          },
          {
            "name": "SUSE-SU-2016:2470",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
          },
          {
            "name": "RHSA-2017:0462",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
          },
          {
            "name": "SUSE-SU-2017:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
          },
          {
            "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
          },
          {
            "name": "USN-3087-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-1"
          },
          {
            "name": "SUSE-SU-2016:2469",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
          },
          {
            "name": "openSUSE-SU-2016:2537",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
          },
          {
            "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
          },
          {
            "name": "USN-3087-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3087-2"
          },
          {
            "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
          },
          {
            "name": "SUSE-SU-2017:2699",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
          },
          {
            "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
          },
          {
            "name": "openSUSE-SU-2016:2407",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
          },
          {
            "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
          },
          {
            "name": "USN-3194-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3194-1"
          },
          {
            "name": "SUSE-SU-2016:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
          },
          {
            "name": "20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2018/Nov/21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K13167034"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
          },
          {
            "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
          },
          {
            "name": "DSA-3673",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3673"
          },
          {
            "name": "openSUSE-SU-2016:2391",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
          },
          {
            "name": "USN-3372-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3372-1"
          },
          {
            "name": "openSUSE-SU-2018:0458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
          },
          {
            "name": "SUSE-SU-2017:0460",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
          },
          {
            "name": "SUSE-SU-2017:0490",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
          },
          {
            "name": "USN-3270-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3270-1"
          },
          {
            "name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
          },
          {
            "name": "SUSE-SU-2016:2387",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
          },
          {
            "name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/May/105"
          },
          {
            "name": "openSUSE-SU-2017:0513",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
          },
          {
            "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
          },
          {
            "name": "openSUSE-SU-2017:0374",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
          },
          {
            "name": "SUSE-SU-2016:2468",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
          },
          {
            "name": "SUSE-SU-2017:0346",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
          },
          {
            "name": "openSUSE-SU-2016:2496",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
          },
          {
            "name": "USN-3198-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3198-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/May/105"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
          },
          {
            "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2017:1444",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
          },
          {
            "name": "SUSE-SU-2016:2394",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
          },
          {
            "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
          },
          {
            "name": "USN-3179-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3179-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
          },
          {
            "name": "RHSA-2019:1245",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1245"
          },
          {
            "name": "RHSA-2019:2859",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2859"
          },
          {
            "name": "RHSA-2020:0451",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0451"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sweet32.info/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPUE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/2548661"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAPSV"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2016-2183"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:3113",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3113"
        },
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
        },
        {
          "name": "RHSA-2017:3240",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3240"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-16"
        },
        {
          "name": "RHSA-2017:2709",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2709"
        },
        {
          "name": "92630",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/92630"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-21"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
        },
        {
          "name": "RHSA-2017:3239",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3239"
        },
        {
          "name": "42091",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/42091/"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "name": "1036696",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1036696"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "95568",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/95568"
        },
        {
          "name": "RHSA-2017:3114",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3114"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa133"
        },
        {
          "url": "https://www.tenable.com/security/tns-2017-09"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "url": "https://wiki.opendaylight.org/view/Security_Advisories"
        },
        {
          "name": "RHSA-2017:2710",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2710"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
        },
        {
          "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
          "tags": [
            "mailing-list"
          ],
          "url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
        },
        {
          "name": "RHSA-2018:2123",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2123"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:2708",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2708"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        },
        {
          "name": "SUSE-SU-2016:2470",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
        },
        {
          "name": "RHSA-2017:0462",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
        },
        {
          "name": "SUSE-SU-2017:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
        },
        {
          "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
        },
        {
          "name": "USN-3087-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-1"
        },
        {
          "name": "SUSE-SU-2016:2469",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05385680"
        },
        {
          "name": "openSUSE-SU-2016:2537",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
        },
        {
          "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
        },
        {
          "name": "USN-3087-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3087-2"
        },
        {
          "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10197"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10186"
        },
        {
          "name": "SUSE-SU-2017:2699",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
        },
        {
          "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390849"
        },
        {
          "name": "openSUSE-SU-2016:2407",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
        },
        {
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613"
        },
        {
          "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
        },
        {
          "name": "USN-3194-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3194-1"
        },
        {
          "name": "SUSE-SU-2016:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
        },
        {
          "name": "20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2018/Nov/21"
        },
        {
          "url": "https://support.f5.com/csp/article/K13167034"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05390722"
        },
        {
          "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
        },
        {
          "name": "DSA-3673",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3673"
        },
        {
          "name": "openSUSE-SU-2016:2391",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
        },
        {
          "name": "USN-3372-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3372-1"
        },
        {
          "name": "openSUSE-SU-2018:0458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
        },
        {
          "name": "SUSE-SU-2017:0460",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
        },
        {
          "name": "SUSE-SU-2017:0490",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
        },
        {
          "name": "USN-3270-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3270-1"
        },
        {
          "name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
        },
        {
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178"
        },
        {
          "name": "SUSE-SU-2016:2387",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
        },
        {
          "name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/May/105"
        },
        {
          "name": "openSUSE-SU-2017:0513",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
        },
        {
          "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
        },
        {
          "name": "openSUSE-SU-2017:0374",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369415"
        },
        {
          "url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html"
        },
        {
          "name": "SUSE-SU-2016:2468",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
        },
        {
          "name": "SUSE-SU-2017:0346",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
        },
        {
          "name": "openSUSE-SU-2016:2496",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
        },
        {
          "name": "USN-3198-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3198-1"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2017/May/105"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05369403"
        },
        {
          "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2017:1444",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
        },
        {
          "name": "SUSE-SU-2016:2394",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
        },
        {
          "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
        },
        {
          "name": "USN-3179-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3179-1"
        },
        {
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
        },
        {
          "name": "RHSA-2019:1245",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1245"
        },
        {
          "name": "RHSA-2019:2859",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2859"
        },
        {
          "name": "RHSA-2020:0451",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0451"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10310"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://sweet32.info/"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPUE"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
        },
        {
          "url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "url": "https://access.redhat.com/articles/2548661"
        },
        {
          "url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
        },
        {
          "url": "http://www.splunk.com/view/SP-CAAAPSV"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
        },
        {
          "url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
        },
        {
          "url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
        },
        {
          "url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2016-2183"
        },
        {
          "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
        },
        {
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
        },
        {
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
        },
        {
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2183",
    "datePublished": "2016-09-01T00:00:00",
    "dateReserved": "2016-01-29T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0686

Vulnerability from cvelistv5

Published

2016-04-21 10:00

Modified

2024-08-05 22:30

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.

References

URL	Tags
http://www.securityfocus.com/bid/86473	vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0677.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2972-1	vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0676.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20160420-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0723.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0651.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2964-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201606-18	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035596	vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2963-1	vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-0675.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0679.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3558	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0678.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0650.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:04.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "86473",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86473"
          },
          {
            "name": "openSUSE-SU-2016:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
          },
          {
            "name": "RHSA-2016:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "USN-2972-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2972-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:1235",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:1262",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "RHSA-2016:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
          },
          {
            "name": "RHSA-2016:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "USN-2964-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2964-1"
          },
          {
            "name": "openSUSE-SU-2016:1230",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "GLSA-201606-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-18"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "openSUSE-SU-2016:1265",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
          },
          {
            "name": "USN-2963-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2963-1"
          },
          {
            "name": "RHSA-2016:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
          },
          {
            "name": "SUSE-SU-2016:1250",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2016:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "DSA-3558",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3558"
          },
          {
            "name": "RHSA-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
          },
          {
            "name": "RHSA-2016:0650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "86473",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/86473"
        },
        {
          "name": "openSUSE-SU-2016:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
        },
        {
          "name": "RHSA-2016:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "USN-2972-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2972-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:1235",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:1262",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "RHSA-2016:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
        },
        {
          "name": "RHSA-2016:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "USN-2964-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2964-1"
        },
        {
          "name": "openSUSE-SU-2016:1230",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "GLSA-201606-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-18"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "openSUSE-SU-2016:1265",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
        },
        {
          "name": "USN-2963-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2963-1"
        },
        {
          "name": "RHSA-2016:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
        },
        {
          "name": "SUSE-SU-2016:1250",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2016:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "DSA-3558",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3558"
        },
        {
          "name": "RHSA-2016:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
        },
        {
          "name": "RHSA-2016:0650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-0686",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "86473",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/86473"
            },
            {
              "name": "openSUSE-SU-2016:1222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
            },
            {
              "name": "RHSA-2016:0677",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "USN-2972-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2972-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2016:1235",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2016:1262",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:0676",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "RHSA-2016:0723",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
            },
            {
              "name": "RHSA-2016:0651",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1248",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "USN-2964-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2964-1"
            },
            {
              "name": "openSUSE-SU-2016:1230",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "GLSA-201606-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201606-18"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035596"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "openSUSE-SU-2016:1265",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
            },
            {
              "name": "USN-2963-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2963-1"
            },
            {
              "name": "RHSA-2016:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
            },
            {
              "name": "SUSE-SU-2016:1250",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2016:0679",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "DSA-3558",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3558"
            },
            {
              "name": "RHSA-2016:0678",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
            },
            {
              "name": "RHSA-2016:0650",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-0686",
    "datePublished": "2016-04-21T10:00:00",
    "dateReserved": "2015-12-09T00:00:00",
    "dateUpdated": "2024-08-05T22:30:04.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5547

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-06 01:07

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts).

References

URL	Tags
http://www.securityfocus.com/bid/95521	vdb-entry, x_refsource_BID
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded
Oracle	JRockit

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:57.922Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95521",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95521"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        },
        {
          "product": "JRockit",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "R28.3.12"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "95521",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95521"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "JRockit",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "R28.3.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95521",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95521"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5547",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:57.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3511

Vulnerability from cvelistv5

Published

2016-07-21 10:00

Modified

2024-08-05 23:56

Severity

Summary

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.

References

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html	vendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201610-08	vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/91990	vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html	vendor-advisory, x_refsource_SUSE
https://security.netapp.com/advisory/ntap-20160721-0001/	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1475	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1587.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1036365	vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2016-1589.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/91787	vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2016:1476	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html	vendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1588.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html	vendor-advisory, x_refsource_SUSE

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:56:14.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:2261",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "GLSA-201610-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-08"
          },
          {
            "name": "91990",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91990"
          },
          {
            "name": "SUSE-SU-2016:2012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
          },
          {
            "name": "openSUSE-SU-2016:2052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
          },
          {
            "name": "RHSA-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1475"
          },
          {
            "name": "SUSE-SU-2016:2286",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html"
          },
          {
            "name": "openSUSE-SU-2016:2051",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
          },
          {
            "name": "RHSA-2016:1587",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html"
          },
          {
            "name": "1036365",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036365"
          },
          {
            "name": "RHSA-2016:1589",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "RHSA-2016:1476",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1476"
          },
          {
            "name": "SUSE-SU-2016:1997",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "openSUSE-SU-2016:2050",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2016:1979",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
          },
          {
            "name": "RHSA-2016:1588",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html"
          },
          {
            "name": "openSUSE-SU-2016:2058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:2261",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "GLSA-201610-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-08"
        },
        {
          "name": "91990",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91990"
        },
        {
          "name": "SUSE-SU-2016:2012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
        },
        {
          "name": "openSUSE-SU-2016:2052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
        },
        {
          "name": "RHSA-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1475"
        },
        {
          "name": "SUSE-SU-2016:2286",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html"
        },
        {
          "name": "openSUSE-SU-2016:2051",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
        },
        {
          "name": "RHSA-2016:1587",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html"
        },
        {
          "name": "1036365",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036365"
        },
        {
          "name": "RHSA-2016:1589",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "RHSA-2016:1476",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1476"
        },
        {
          "name": "SUSE-SU-2016:1997",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "openSUSE-SU-2016:2050",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2016:1979",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
        },
        {
          "name": "RHSA-2016:1588",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html"
        },
        {
          "name": "openSUSE-SU-2016:2058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-3511",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:2261",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "GLSA-201610-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201610-08"
            },
            {
              "name": "91990",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91990"
            },
            {
              "name": "SUSE-SU-2016:2012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
            },
            {
              "name": "openSUSE-SU-2016:2052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160721-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
            },
            {
              "name": "RHSA-2016:1475",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1475"
            },
            {
              "name": "SUSE-SU-2016:2286",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2016:2051",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
            },
            {
              "name": "RHSA-2016:1587",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html"
            },
            {
              "name": "1036365",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036365"
            },
            {
              "name": "RHSA-2016:1589",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "RHSA-2016:1476",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1476"
            },
            {
              "name": "SUSE-SU-2016:1997",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "openSUSE-SU-2016:2050",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2016:1979",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
            },
            {
              "name": "RHSA-2016:1588",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html"
            },
            {
              "name": "openSUSE-SU-2016:2058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-3511",
    "datePublished": "2016-07-21T10:00:00",
    "dateReserved": "2016-03-17T00:00:00",
    "dateUpdated": "2024-08-05T23:56:14.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5556

Vulnerability from cvelistv5

Published

2016-10-25 14:00

Modified

2024-08-06 01:07

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.

References

URL	Tags
https://security.netapp.com/advisory/ntap-20161019-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2659.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2136.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2137.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2138.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2090.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201611-04	vendor-advisory, x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/93618	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-2089.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037040	vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2016-2088.html	vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:57.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
          },
          {
            "name": "RHSA-2016:2659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
          },
          {
            "name": "RHSA-2016:2136",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "RHSA-2016:2137",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
          },
          {
            "name": "RHSA-2016:2138",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
          },
          {
            "name": "RHSA-2016:2090",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
          },
          {
            "name": "GLSA-201611-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201611-04"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "93618",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93618"
          },
          {
            "name": "RHSA-2016:2089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
          },
          {
            "name": "1037040",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037040"
          },
          {
            "name": "RHSA-2016:2088",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-29T11:06:15",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
        },
        {
          "name": "RHSA-2016:2659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
        },
        {
          "name": "RHSA-2016:2136",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "RHSA-2016:2137",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
        },
        {
          "name": "RHSA-2016:2138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
        },
        {
          "name": "RHSA-2016:2090",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
        },
        {
          "name": "GLSA-201611-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201611-04"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "93618",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93618"
        },
        {
          "name": "RHSA-2016:2089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
        },
        {
          "name": "1037040",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037040"
        },
        {
          "name": "RHSA-2016:2088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5556",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20161019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
            },
            {
              "name": "RHSA-2016:2659",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
            },
            {
              "name": "RHSA-2016:2136",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "RHSA-2016:2137",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
            },
            {
              "name": "RHSA-2016:2138",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
            },
            {
              "name": "RHSA-2016:2090",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
            },
            {
              "name": "GLSA-201611-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201611-04"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "93618",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93618"
            },
            {
              "name": "RHSA-2016:2089",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
            },
            {
              "name": "1037040",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037040"
            },
            {
              "name": "RHSA-2016:2088",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5556",
    "datePublished": "2016-10-25T14:00:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:57.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5573

Vulnerability from cvelistv5

Published

2016-10-25 14:00

Modified

2024-08-06 01:07

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.

References

URL	Tags
http://www.debian.org/security/2016/dsa-3707	vendor-advisory, x_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-20161019-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2659.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2136.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2079.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/93628	vdb-entry, x_refsource_BID
http://www.ubuntu.com/usn/USN-3130-1	vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2137.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2138.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-43	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-2090.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201611-04	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0061.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3154-1	vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-2089.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037040	vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2016-2088.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2658.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:57.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3707",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3707"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
          },
          {
            "name": "RHSA-2016:2659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
          },
          {
            "name": "RHSA-2016:2136",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
          },
          {
            "name": "RHSA-2016:2079",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
          },
          {
            "name": "93628",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93628"
          },
          {
            "name": "USN-3130-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3130-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "RHSA-2016:2137",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
          },
          {
            "name": "RHSA-2016:2138",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
          },
          {
            "name": "GLSA-201701-43",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-43"
          },
          {
            "name": "RHSA-2016:2090",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
          },
          {
            "name": "GLSA-201611-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201611-04"
          },
          {
            "name": "RHSA-2017:0061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "USN-3154-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3154-1"
          },
          {
            "name": "RHSA-2016:2089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
          },
          {
            "name": "1037040",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037040"
          },
          {
            "name": "RHSA-2016:2088",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
          },
          {
            "name": "RHSA-2016:2658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "DSA-3707",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3707"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
        },
        {
          "name": "RHSA-2016:2659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
        },
        {
          "name": "RHSA-2016:2136",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
        },
        {
          "name": "RHSA-2016:2079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
        },
        {
          "name": "93628",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93628"
        },
        {
          "name": "USN-3130-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3130-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "RHSA-2016:2137",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
        },
        {
          "name": "RHSA-2016:2138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
        },
        {
          "name": "GLSA-201701-43",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-43"
        },
        {
          "name": "RHSA-2016:2090",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
        },
        {
          "name": "GLSA-201611-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201611-04"
        },
        {
          "name": "RHSA-2017:0061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "USN-3154-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3154-1"
        },
        {
          "name": "RHSA-2016:2089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
        },
        {
          "name": "1037040",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037040"
        },
        {
          "name": "RHSA-2016:2088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
        },
        {
          "name": "RHSA-2016:2658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5573",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3707",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3707"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20161019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
            },
            {
              "name": "RHSA-2016:2659",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
            },
            {
              "name": "RHSA-2016:2136",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
            },
            {
              "name": "RHSA-2016:2079",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
            },
            {
              "name": "93628",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93628"
            },
            {
              "name": "USN-3130-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3130-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "RHSA-2016:2137",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
            },
            {
              "name": "RHSA-2016:2138",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
            },
            {
              "name": "GLSA-201701-43",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-43"
            },
            {
              "name": "RHSA-2016:2090",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
            },
            {
              "name": "GLSA-201611-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201611-04"
            },
            {
              "name": "RHSA-2017:0061",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "USN-3154-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3154-1"
            },
            {
              "name": "RHSA-2016:2089",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
            },
            {
              "name": "1037040",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037040"
            },
            {
              "name": "RHSA-2016:2088",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
            },
            {
              "name": "RHSA-2016:2658",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5573",
    "datePublished": "2016-10-25T14:00:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:57.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5542

Vulnerability from cvelistv5

Published

2016-10-25 14:00

Modified

2024-08-06 01:07

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.

References

URL	Tags
http://www.debian.org/security/2016/dsa-3707	vendor-advisory, x_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-20161019-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2659.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2136.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2079.html	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3130-1	vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2137.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2138.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-43	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-2090.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201611-04	vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/93643	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0061.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3154-1	vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-2089.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037040	vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2016-2088.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2658.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:57.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3707",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3707"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
          },
          {
            "name": "RHSA-2016:2659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
          },
          {
            "name": "RHSA-2016:2136",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
          },
          {
            "name": "RHSA-2016:2079",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
          },
          {
            "name": "USN-3130-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3130-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "RHSA-2016:2137",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
          },
          {
            "name": "RHSA-2016:2138",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
          },
          {
            "name": "GLSA-201701-43",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-43"
          },
          {
            "name": "RHSA-2016:2090",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
          },
          {
            "name": "GLSA-201611-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201611-04"
          },
          {
            "name": "93643",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93643"
          },
          {
            "name": "RHSA-2017:0061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "USN-3154-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3154-1"
          },
          {
            "name": "RHSA-2016:2089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
          },
          {
            "name": "1037040",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037040"
          },
          {
            "name": "RHSA-2016:2088",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
          },
          {
            "name": "RHSA-2016:2658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "DSA-3707",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3707"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
        },
        {
          "name": "RHSA-2016:2659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
        },
        {
          "name": "RHSA-2016:2136",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
        },
        {
          "name": "RHSA-2016:2079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
        },
        {
          "name": "USN-3130-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3130-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "RHSA-2016:2137",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
        },
        {
          "name": "RHSA-2016:2138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
        },
        {
          "name": "GLSA-201701-43",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-43"
        },
        {
          "name": "RHSA-2016:2090",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
        },
        {
          "name": "GLSA-201611-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201611-04"
        },
        {
          "name": "93643",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93643"
        },
        {
          "name": "RHSA-2017:0061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "USN-3154-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3154-1"
        },
        {
          "name": "RHSA-2016:2089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
        },
        {
          "name": "1037040",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037040"
        },
        {
          "name": "RHSA-2016:2088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
        },
        {
          "name": "RHSA-2016:2658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3707",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3707"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20161019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
            },
            {
              "name": "RHSA-2016:2659",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
            },
            {
              "name": "RHSA-2016:2136",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
            },
            {
              "name": "RHSA-2016:2079",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
            },
            {
              "name": "USN-3130-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3130-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "RHSA-2016:2137",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
            },
            {
              "name": "RHSA-2016:2138",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
            },
            {
              "name": "GLSA-201701-43",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-43"
            },
            {
              "name": "RHSA-2016:2090",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
            },
            {
              "name": "GLSA-201611-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201611-04"
            },
            {
              "name": "93643",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93643"
            },
            {
              "name": "RHSA-2017:0061",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "USN-3154-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3154-1"
            },
            {
              "name": "RHSA-2016:2089",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
            },
            {
              "name": "1037040",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037040"
            },
            {
              "name": "RHSA-2016:2088",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
            },
            {
              "name": "RHSA-2016:2658",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5542",
    "datePublished": "2016-10-25T14:00:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:57.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5554

Vulnerability from cvelistv5

Published

2016-10-25 14:00

Modified

2024-08-06 01:07

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.

References

URL	Tags
http://www.debian.org/security/2016/dsa-3707	vendor-advisory, x_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-20161019-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2659.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2136.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2079.html	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3130-1	vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2137.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2138.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-43	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-2090.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201611-04	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0061.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/93637	vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3154-1	vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-2089.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037040	vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2016-2088.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2658.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:57.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3707",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3707"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
          },
          {
            "name": "RHSA-2016:2659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
          },
          {
            "name": "RHSA-2016:2136",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
          },
          {
            "name": "RHSA-2016:2079",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
          },
          {
            "name": "USN-3130-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3130-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "RHSA-2016:2137",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
          },
          {
            "name": "RHSA-2016:2138",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
          },
          {
            "name": "GLSA-201701-43",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-43"
          },
          {
            "name": "RHSA-2016:2090",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
          },
          {
            "name": "GLSA-201611-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201611-04"
          },
          {
            "name": "RHSA-2017:0061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
          },
          {
            "name": "93637",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93637"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "USN-3154-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3154-1"
          },
          {
            "name": "RHSA-2016:2089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
          },
          {
            "name": "1037040",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037040"
          },
          {
            "name": "RHSA-2016:2088",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
          },
          {
            "name": "RHSA-2016:2658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "DSA-3707",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3707"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
        },
        {
          "name": "RHSA-2016:2659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
        },
        {
          "name": "RHSA-2016:2136",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
        },
        {
          "name": "RHSA-2016:2079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
        },
        {
          "name": "USN-3130-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3130-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "RHSA-2016:2137",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
        },
        {
          "name": "RHSA-2016:2138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
        },
        {
          "name": "GLSA-201701-43",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-43"
        },
        {
          "name": "RHSA-2016:2090",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
        },
        {
          "name": "GLSA-201611-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201611-04"
        },
        {
          "name": "RHSA-2017:0061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
        },
        {
          "name": "93637",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93637"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "USN-3154-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3154-1"
        },
        {
          "name": "RHSA-2016:2089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
        },
        {
          "name": "1037040",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037040"
        },
        {
          "name": "RHSA-2016:2088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
        },
        {
          "name": "RHSA-2016:2658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5554",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3707",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3707"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20161019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
            },
            {
              "name": "RHSA-2016:2659",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
            },
            {
              "name": "RHSA-2016:2136",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
            },
            {
              "name": "RHSA-2016:2079",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
            },
            {
              "name": "USN-3130-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3130-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "RHSA-2016:2137",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
            },
            {
              "name": "RHSA-2016:2138",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
            },
            {
              "name": "GLSA-201701-43",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-43"
            },
            {
              "name": "RHSA-2016:2090",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
            },
            {
              "name": "GLSA-201611-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201611-04"
            },
            {
              "name": "RHSA-2017:0061",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
            },
            {
              "name": "93637",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93637"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "USN-3154-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3154-1"
            },
            {
              "name": "RHSA-2016:2089",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
            },
            {
              "name": "1037040",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037040"
            },
            {
              "name": "RHSA-2016:2088",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
            },
            {
              "name": "RHSA-2016:2658",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5554",
    "datePublished": "2016-10-25T14:00:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:57.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3289

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-05 14:23

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).

References

URL	Tags
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95525	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:23:34.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "95525",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95525"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "95525",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95525"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-3289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "95525",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95525"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-3289",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-08-05T14:23:34.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0687

Vulnerability from cvelistv5

Published

2016-04-21 10:00

Modified

2024-08-05 22:30

Severity

Summary

References

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html	vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/86459	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-0677.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2972-1	vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0676.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20160420-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0723.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0651.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2964-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201606-18	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035596	vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2963-1	vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-0675.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0679.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3558	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0678.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0650.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
          },
          {
            "name": "86459",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86459"
          },
          {
            "name": "RHSA-2016:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "USN-2972-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2972-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:1235",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:1262",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "RHSA-2016:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
          },
          {
            "name": "RHSA-2016:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "USN-2964-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2964-1"
          },
          {
            "name": "openSUSE-SU-2016:1230",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "GLSA-201606-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-18"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "openSUSE-SU-2016:1265",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
          },
          {
            "name": "USN-2963-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2963-1"
          },
          {
            "name": "RHSA-2016:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
          },
          {
            "name": "SUSE-SU-2016:1250",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2016:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "DSA-3558",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3558"
          },
          {
            "name": "RHSA-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
          },
          {
            "name": "RHSA-2016:0650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
        },
        {
          "name": "86459",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/86459"
        },
        {
          "name": "RHSA-2016:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "USN-2972-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2972-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:1235",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:1262",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "RHSA-2016:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
        },
        {
          "name": "RHSA-2016:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "USN-2964-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2964-1"
        },
        {
          "name": "openSUSE-SU-2016:1230",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "GLSA-201606-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-18"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "openSUSE-SU-2016:1265",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
        },
        {
          "name": "USN-2963-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2963-1"
        },
        {
          "name": "RHSA-2016:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
        },
        {
          "name": "SUSE-SU-2016:1250",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2016:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "DSA-3558",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3558"
        },
        {
          "name": "RHSA-2016:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
        },
        {
          "name": "RHSA-2016:0650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-0687",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:1222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
            },
            {
              "name": "86459",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/86459"
            },
            {
              "name": "RHSA-2016:0677",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "USN-2972-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2972-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2016:1235",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2016:1262",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:0676",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "RHSA-2016:0723",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
            },
            {
              "name": "RHSA-2016:0651",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1248",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "USN-2964-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2964-1"
            },
            {
              "name": "openSUSE-SU-2016:1230",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "GLSA-201606-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201606-18"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035596"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "openSUSE-SU-2016:1265",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
            },
            {
              "name": "USN-2963-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2963-1"
            },
            {
              "name": "RHSA-2016:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
            },
            {
              "name": "SUSE-SU-2016:1250",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2016:0679",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "DSA-3558",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3558"
            },
            {
              "name": "RHSA-2016:0678",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
            },
            {
              "name": "RHSA-2016:0650",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-0687",
    "datePublished": "2016-04-21T10:00:00",
    "dateReserved": "2015-12-09T00:00:00",
    "dateUpdated": "2024-08-05T22:30:03.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3598

Vulnerability from cvelistv5

Published

2016-07-21 10:00

Modified

2024-08-06 00:03

Severity

Summary

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.

References

URL	Tags
http://www.ubuntu.com/usn/USN-3043-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html	vendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201610-08	vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/91918	vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html	vendor-advisory, x_refsource_SUSE
https://security.netapp.com/advisory/ntap-20160721-0001/	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1475	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1587.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1036365	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201701-43	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-1589.html	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3062-1	vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/91787	vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html	vendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2016:1458	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1588.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1504.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:33.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3043-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3043-1"
          },
          {
            "name": "SUSE-SU-2016:2261",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "GLSA-201610-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-08"
          },
          {
            "name": "91918",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91918"
          },
          {
            "name": "SUSE-SU-2016:2012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
          },
          {
            "name": "openSUSE-SU-2016:2052",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
          },
          {
            "name": "RHSA-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1475"
          },
          {
            "name": "SUSE-SU-2016:2286",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html"
          },
          {
            "name": "openSUSE-SU-2016:2051",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
          },
          {
            "name": "RHSA-2016:1587",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html"
          },
          {
            "name": "1036365",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036365"
          },
          {
            "name": "GLSA-201701-43",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-43"
          },
          {
            "name": "RHSA-2016:1589",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html"
          },
          {
            "name": "USN-3062-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3062-1"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "SUSE-SU-2016:1997",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "RHSA-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1458"
          },
          {
            "name": "openSUSE-SU-2016:2050",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2016:1979",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
          },
          {
            "name": "RHSA-2016:1588",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html"
          },
          {
            "name": "openSUSE-SU-2016:2058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
          },
          {
            "name": "RHSA-2016:1504",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "USN-3043-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3043-1"
        },
        {
          "name": "SUSE-SU-2016:2261",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "GLSA-201610-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-08"
        },
        {
          "name": "91918",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91918"
        },
        {
          "name": "SUSE-SU-2016:2012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
        },
        {
          "name": "openSUSE-SU-2016:2052",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
        },
        {
          "name": "RHSA-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1475"
        },
        {
          "name": "SUSE-SU-2016:2286",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html"
        },
        {
          "name": "openSUSE-SU-2016:2051",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
        },
        {
          "name": "RHSA-2016:1587",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html"
        },
        {
          "name": "1036365",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036365"
        },
        {
          "name": "GLSA-201701-43",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-43"
        },
        {
          "name": "RHSA-2016:1589",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html"
        },
        {
          "name": "USN-3062-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3062-1"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "name": "SUSE-SU-2016:1997",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "RHSA-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1458"
        },
        {
          "name": "openSUSE-SU-2016:2050",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2016:1979",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
        },
        {
          "name": "RHSA-2016:1588",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html"
        },
        {
          "name": "openSUSE-SU-2016:2058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
        },
        {
          "name": "RHSA-2016:1504",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-3598",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3043-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3043-1"
            },
            {
              "name": "SUSE-SU-2016:2261",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "GLSA-201610-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201610-08"
            },
            {
              "name": "91918",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91918"
            },
            {
              "name": "SUSE-SU-2016:2012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
            },
            {
              "name": "openSUSE-SU-2016:2052",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160721-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
            },
            {
              "name": "RHSA-2016:1475",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1475"
            },
            {
              "name": "SUSE-SU-2016:2286",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2016:2051",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
            },
            {
              "name": "RHSA-2016:1587",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1587.html"
            },
            {
              "name": "1036365",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036365"
            },
            {
              "name": "GLSA-201701-43",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-43"
            },
            {
              "name": "RHSA-2016:1589",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1589.html"
            },
            {
              "name": "USN-3062-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3062-1"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "SUSE-SU-2016:1997",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "RHSA-2016:1458",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1458"
            },
            {
              "name": "openSUSE-SU-2016:2050",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2016:1979",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
            },
            {
              "name": "RHSA-2016:1588",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1588.html"
            },
            {
              "name": "openSUSE-SU-2016:2058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
            },
            {
              "name": "RHSA-2016:1504",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-3598",
    "datePublished": "2016-07-21T10:00:00",
    "dateReserved": "2016-03-17T00:00:00",
    "dateUpdated": "2024-08-06T00:03:33.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0376

Vulnerability from cvelistv5

Published

2016-06-03 14:00

Modified

2024-08-05 22:15

Severity

Summary

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.

References

URL	Tags
http://www-01.ibm.com/support/docview.wss?uid=swg21980826	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/89192	vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
http://seclists.org/fulldisclosure/2016/Apr/43	mailing-list, x_refsource_FULLDISC
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035953	vdb-entry, x_refsource_SECTRACK
http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf	x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg1IX90171	vendor-advisory, x_refsource_AIXAPAR
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/archive/1/538066/100/100/threaded	mailing-list, x_refsource_BUGTRAQ

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:24.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "89192",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89192"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Apr/43"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035953",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035953"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf"
          },
          {
            "name": "IX90171",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90171"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538066/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "89192",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/89192"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Apr/43"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035953",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035953"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf"
        },
        {
          "name": "IX90171",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90171"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538066/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0376",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "89192",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/89192"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Apr/43"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035953",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035953"
            },
            {
              "name": "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf",
              "refsource": "MISC",
              "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf"
            },
            {
              "name": "IX90171",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90171"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "20160412 [SE-2012-01] Yet another broken security fix in IBM Java 7/8",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538066/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0376",
    "datePublished": "2016-06-03T14:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:24.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3252

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-05 14:23

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95509	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:23:32.862Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "95509",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95509"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "95509",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95509"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-3252",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111;JRockit:R28.3.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "95509",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95509"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-3252",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-08-05T14:23:32.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5548

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-06 01:07

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95559	vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:57.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "95559",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95559"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "6u131"
            },
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "95559",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95559"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6u131"
                          },
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "95559",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95559"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5548",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:57.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3261

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-05 14:23

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95566	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:23:33.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "95566",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95566"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "95566",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95566"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-3261",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "95566",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95566"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-3261",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-08-05T14:23:33.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3426

Vulnerability from cvelistv5

Published

2016-04-21 10:00

Modified

2024-08-05 23:56

Severity

Summary

Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.

References

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0677.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/86449	vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201610-08	vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20160420-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0651.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035596	vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2963-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3558	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0650.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:56:14.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
          },
          {
            "name": "RHSA-2016:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "86449",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "GLSA-201610-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-08"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:1262",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "RHSA-2016:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "USN-2963-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2963-1"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "DSA-3558",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3558"
          },
          {
            "name": "RHSA-2016:0650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
        },
        {
          "name": "RHSA-2016:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "86449",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/86449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "GLSA-201610-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-08"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:1262",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "RHSA-2016:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "USN-2963-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2963-1"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "DSA-3558",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3558"
        },
        {
          "name": "RHSA-2016:0650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-3426",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:1222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
            },
            {
              "name": "RHSA-2016:0677",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "86449",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/86449"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "GLSA-201610-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201610-08"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2016:1262",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "RHSA-2016:0651",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1248",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035596"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "USN-2963-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2963-1"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "DSA-3558",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3558"
            },
            {
              "name": "RHSA-2016:0650",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-3426",
    "datePublished": "2016-04-21T10:00:00",
    "dateReserved": "2016-03-17T00:00:00",
    "dateUpdated": "2024-08-05T23:56:14.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5597

Vulnerability from cvelistv5

Published

2016-10-25 14:00

Modified

2024-08-06 01:07

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.

References

URL	Tags
http://www.debian.org/security/2016/dsa-3707	vendor-advisory, x_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-20161019-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2659.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2136.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2079.html	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3130-1	vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2137.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2138.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-43	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-2090.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201611-04	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0061.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3154-1	vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-2089.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/93636	vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037040	vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2016-2088.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2658.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:57.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3707",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3707"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
          },
          {
            "name": "RHSA-2016:2659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
          },
          {
            "name": "RHSA-2016:2136",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
          },
          {
            "name": "RHSA-2016:2079",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
          },
          {
            "name": "USN-3130-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3130-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "RHSA-2016:2137",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
          },
          {
            "name": "RHSA-2016:2138",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
          },
          {
            "name": "GLSA-201701-43",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-43"
          },
          {
            "name": "RHSA-2016:2090",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
          },
          {
            "name": "GLSA-201611-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201611-04"
          },
          {
            "name": "RHSA-2017:0061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "USN-3154-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3154-1"
          },
          {
            "name": "RHSA-2016:2089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
          },
          {
            "name": "93636",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93636"
          },
          {
            "name": "1037040",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037040"
          },
          {
            "name": "RHSA-2016:2088",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
          },
          {
            "name": "RHSA-2016:2658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "DSA-3707",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3707"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
        },
        {
          "name": "RHSA-2016:2659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
        },
        {
          "name": "RHSA-2016:2136",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
        },
        {
          "name": "RHSA-2016:2079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
        },
        {
          "name": "USN-3130-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3130-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "RHSA-2016:2137",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
        },
        {
          "name": "RHSA-2016:2138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
        },
        {
          "name": "GLSA-201701-43",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-43"
        },
        {
          "name": "RHSA-2016:2090",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
        },
        {
          "name": "GLSA-201611-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201611-04"
        },
        {
          "name": "RHSA-2017:0061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "USN-3154-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3154-1"
        },
        {
          "name": "RHSA-2016:2089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
        },
        {
          "name": "93636",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93636"
        },
        {
          "name": "1037040",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037040"
        },
        {
          "name": "RHSA-2016:2088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
        },
        {
          "name": "RHSA-2016:2658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5597",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3707",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3707"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20161019-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"
            },
            {
              "name": "RHSA-2016:2659",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html"
            },
            {
              "name": "RHSA-2016:2136",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html"
            },
            {
              "name": "RHSA-2016:2079",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
            },
            {
              "name": "USN-3130-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3130-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "RHSA-2016:2137",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html"
            },
            {
              "name": "RHSA-2016:2138",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html"
            },
            {
              "name": "GLSA-201701-43",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-43"
            },
            {
              "name": "RHSA-2016:2090",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"
            },
            {
              "name": "GLSA-201611-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201611-04"
            },
            {
              "name": "RHSA-2017:0061",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "USN-3154-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3154-1"
            },
            {
              "name": "RHSA-2016:2089",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"
            },
            {
              "name": "93636",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93636"
            },
            {
              "name": "1037040",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037040"
            },
            {
              "name": "RHSA-2016:2088",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"
            },
            {
              "name": "RHSA-2016:2658",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5597",
    "datePublished": "2016-10-25T14:00:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:57.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0363

Vulnerability from cvelistv5

Published

2016-06-03 14:00

Modified

2024-08-05 22:15

Severity

Summary

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.

References

URL	Tags
http://www-01.ibm.com/support/docview.wss?uid=swg21980826	x_refsource_CONFIRM
http://www.securityfocus.com/bid/85895	vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf	x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
http://seclists.org/fulldisclosure/2016/Apr/20	mailing-list, x_refsource_FULLDISC
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035953	vdb-entry, x_refsource_SECTRACK
http://seclists.org/fulldisclosure/2016/Apr/3	mailing-list, x_refsource_FULLDISC
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172	vendor-advisory, x_refsource_AIXAPAR

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:24.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
          },
          {
            "name": "85895",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85895"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Apr/20"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035953",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035953"
          },
          {
            "name": "20160404 [SE-2012-01] Broken security fix in IBM Java 7/8",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Apr/3"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "IX90172",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
        },
        {
          "name": "85895",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85895"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Apr/20"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035953",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035953"
        },
        {
          "name": "20160404 [SE-2012-01] Broken security fix in IBM Java 7/8",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Apr/3"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "IX90172",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0363",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
            },
            {
              "name": "85895",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85895"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf",
              "refsource": "MISC",
              "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Apr/20"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035953",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035953"
            },
            {
              "name": "20160404 [SE-2012-01] Broken security fix in IBM Java 7/8",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Apr/3"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "IX90172",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0363",
    "datePublished": "2016-06-03T14:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:24.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5552

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-06 01:07

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037798	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95512	vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT
https://source.android.com/security/bulletin/2017-02-01.html	x_refsource_CONFIRM

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded
Oracle	JRockit

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:58.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "1037798",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037798"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "95512",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95512"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-02-01.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "6u131"
            },
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        },
        {
          "product": "JRockit",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "R28.3.12"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "1037798",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037798"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "95512",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95512"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2017-02-01.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5552",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6u131"
                          },
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "JRockit",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "R28.3.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "1037798",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037798"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "95512",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95512"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            },
            {
              "name": "https://source.android.com/security/bulletin/2017-02-01.html",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/2017-02-01.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5552",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:58.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3272

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-05 14:23

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95533	vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:23:33.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "95533",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95533"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "6u131"
            },
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "95533",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95533"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-3272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6u131"
                          },
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "95533",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95533"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-3272",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-08-05T14:23:33.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0264

Vulnerability from cvelistv5

Published

2016-05-24 15:00

Modified

2024-08-05 22:15

Severity

Summary

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

References

URL	Tags
http://www-01.ibm.com/support/docview.wss?uid=swg21980826	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035	vendor-advisory, x_refsource_AIXAPAR
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035953	vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "IV84035",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035953",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035953"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "IV84035",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035953",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035953"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0264",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "IV84035",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035953",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035953"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0264",
    "datePublished": "2016-05-24T15:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3241

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-05 14:16

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/	x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
https://www.exploit-db.com/exploits/41145/	exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/95488	vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded
Oracle	JRockit

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "name": "41145",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41145/"
          },
          {
            "name": "95488",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95488"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "6u131"
            },
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        },
        {
          "product": "JRockit",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "R28.3.12"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-10T17:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "name": "41145",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41145/"
        },
        {
          "name": "95488",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95488"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-3241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6u131"
                          },
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "JRockit",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "R28.3.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/",
              "refsource": "MISC",
              "url": "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "41145",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41145/"
            },
            {
              "name": "95488",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95488"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-3241",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-08-05T14:16:28.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3449

Vulnerability from cvelistv5

Published

2016-04-21 10:00

Modified

2024-08-05 23:56

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2016-0677.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/86485	vdb-entry, x_refsource_BID
https://security.netapp.com/advisory/ntap-20160420-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201606-18	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035596	vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0679.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0678.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:56:13.664Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "name": "86485",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86485"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "GLSA-201606-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-18"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2016:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "RHSA-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2016:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "name": "86485",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/86485"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "GLSA-201606-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-18"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2016:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "RHSA-2016:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-3449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2016:0677",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "86485",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/86485"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "GLSA-201606-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201606-18"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035596"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2016:0679",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "RHSA-2016:0678",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-3449",
    "datePublished": "2016-04-21T10:00:00",
    "dateReserved": "2016-03-17T00:00:00",
    "dateUpdated": "2024-08-05T23:56:13.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3443

Vulnerability from cvelistv5

Published

2016-04-21 10:00

Modified

2024-08-05 23:56

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2016-0677.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20160420-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/86482	vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
http://www.zerodayinitiative.com/advisories/ZDI-16-376	x_refsource_MISC
https://security.gentoo.org/glsa/201606-18	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035596	vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0679.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0678.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:56:13.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "86482",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86482"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-376"
          },
          {
            "name": "GLSA-201606-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-18"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2016:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "RHSA-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.  NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2016:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "86482",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/86482"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-376"
        },
        {
          "name": "GLSA-201606-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-18"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2016:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "RHSA-2016:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-3443",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.  NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2016:0677",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "86482",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/86482"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-376",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-376"
            },
            {
              "name": "GLSA-201606-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201606-18"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035596"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2016:0679",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "RHSA-2016:0678",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-3443",
    "datePublished": "2016-04-21T10:00:00",
    "dateReserved": "2016-03-17T00:00:00",
    "dateUpdated": "2024-08-05T23:56:13.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3427

Vulnerability from cvelistv5

Published

2016-04-21 10:00

Modified

2024-08-05 23:56

Severity

Summary

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

References

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0677.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.html	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2972-1	vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html	vendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1037331	vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0676.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2016:1430	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20160420-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0708.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0723.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0651.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html	vendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10159	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2964-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html	vendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201606-18	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-0716.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035596	vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2963-1	vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-0675.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0679.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3558	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0678.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/86421	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-0650.html	vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E	mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/08/31/1	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:56:14.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
          },
          {
            "name": "RHSA-2016:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "USN-2972-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2972-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "1037331",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037331"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:1235",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:1262",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "RHSA-2016:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
          },
          {
            "name": "RHSA-2016:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
          },
          {
            "name": "USN-2964-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2964-1"
          },
          {
            "name": "openSUSE-SU-2016:1230",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "GLSA-201606-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-18"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "openSUSE-SU-2016:1265",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
          },
          {
            "name": "USN-2963-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2963-1"
          },
          {
            "name": "RHSA-2016:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
          },
          {
            "name": "SUSE-SU-2016:1250",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2016:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "DSA-3558",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3558"
          },
          {
            "name": "RHSA-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
          },
          {
            "name": "86421",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86421"
          },
          {
            "name": "RHSA-2016:0650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
          },
          {
            "name": "[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
          },
          {
            "name": "[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-01T02:06:09",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
        },
        {
          "name": "RHSA-2016:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "USN-2972-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2972-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "1037331",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037331"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:1235",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:1262",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "RHSA-2016:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
        },
        {
          "name": "RHSA-2016:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
        },
        {
          "name": "USN-2964-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2964-1"
        },
        {
          "name": "openSUSE-SU-2016:1230",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "GLSA-201606-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-18"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "openSUSE-SU-2016:1265",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
        },
        {
          "name": "USN-2963-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2963-1"
        },
        {
          "name": "RHSA-2016:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
        },
        {
          "name": "SUSE-SU-2016:1250",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2016:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "DSA-3558",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3558"
        },
        {
          "name": "RHSA-2016:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
        },
        {
          "name": "86421",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/86421"
        },
        {
          "name": "RHSA-2016:0650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
        },
        {
          "name": "[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
        },
        {
          "name": "[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-3427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:1222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
            },
            {
              "name": "RHSA-2016:0677",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "USN-2972-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2972-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "1037331",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037331"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2016:1235",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2016:1262",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:0676",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "RHSA-2016:0723",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
            },
            {
              "name": "RHSA-2016:0651",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1248",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
            },
            {
              "name": "USN-2964-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2964-1"
            },
            {
              "name": "openSUSE-SU-2016:1230",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "GLSA-201606-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201606-18"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035596"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "openSUSE-SU-2016:1265",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
            },
            {
              "name": "USN-2963-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2963-1"
            },
            {
              "name": "RHSA-2016:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
            },
            {
              "name": "SUSE-SU-2016:1250",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2016:0679",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "DSA-3558",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3558"
            },
            {
              "name": "RHSA-2016:0678",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
            },
            {
              "name": "86421",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/86421"
            },
            {
              "name": "RHSA-2016:0650",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258@%3Cuser.cassandra.apache.org%3E"
            },
            {
              "name": "[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948@%3Cdev.cassandra.apache.org%3E"
            },
            {
              "name": "[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-3427",
    "datePublished": "2016-04-21T10:00:00",
    "dateReserved": "2016-03-17T00:00:00",
    "dateUpdated": "2024-08-05T23:56:14.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3253

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-05 14:23

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95498	vdb-entry, x_refsource_BID
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded
Oracle	JRockit

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:23:32.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "95498",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95498"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "6u131"
            },
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        },
        {
          "product": "JRockit",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "R28.3.12"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "95498",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95498"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-3253",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6u131"
                          },
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "JRockit",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "R28.3.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "95498",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95498"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-3253",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-08-05T14:23:32.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5549

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-06 01:07

Severity

Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95530	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:59.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "95530",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95530"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "95530",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95530"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-5549",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "95530",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95530"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-5549",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:59.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3231

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-05 14:16

Severity

Summary

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95563	vdb-entry, x_refsource_BID
http://www.debian.org/security/2017/dsa-3782	vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0180.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201707-01	vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0269.html	vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE
Oracle	Java SE Embedded

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "95563",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95563"
          },
          {
            "name": "DSA-3782",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3782"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "RHSA-2017:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "GLSA-201707-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201707-01"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "name": "RHSA-2017:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "6u131"
            },
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        },
        {
          "product": "Java SE Embedded",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "8u111"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "95563",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95563"
        },
        {
          "name": "DSA-3782",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3782"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "RHSA-2017:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "GLSA-201707-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201707-01"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "name": "RHSA-2017:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-3231",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6u131"
                          },
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Java SE Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8u111"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "95563",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95563"
            },
            {
              "name": "DSA-3782",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3782"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "RHSA-2017:0180",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "GLSA-201707-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201707-01"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "RHSA-2017:0269",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-3231",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-08-05T14:16:28.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3259

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2024-08-05 14:23

Severity

Summary

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts).

References

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0338.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0176.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/95570	vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201701-65	vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id/1037637	vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2017-0175.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0177.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0263.html	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216	vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20170119-0001/	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0337.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0336.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Oracle	Java SE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:23:32.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
          },
          {
            "name": "RHSA-2017:0176",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
          },
          {
            "name": "95570",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95570"
          },
          {
            "name": "GLSA-201701-65",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-65"
          },
          {
            "name": "1037637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037637"
          },
          {
            "name": "RHSA-2017:0175",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
          },
          {
            "name": "RHSA-2017:0177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
          },
          {
            "name": "RHSA-2017:0263",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
          },
          {
            "name": "RHSA-2017:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
          },
          {
            "name": "RHSA-2017:0336",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE",
          "vendor": "Oracle",
          "versions": [
            {
              "status": "affected",
              "version": "6u131"
            },
            {
              "status": "affected",
              "version": "7u121"
            },
            {
              "status": "affected",
              "version": "8u112"
            }
          ]
        }
      ],
      "datePublic": "2017-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2017:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
        },
        {
          "name": "RHSA-2017:0176",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
        },
        {
          "name": "95570",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95570"
        },
        {
          "name": "GLSA-201701-65",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-65"
        },
        {
          "name": "1037637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037637"
        },
        {
          "name": "RHSA-2017:0175",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
        },
        {
          "name": "RHSA-2017:0177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
        },
        {
          "name": "RHSA-2017:0263",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
        },
        {
          "name": "RHSA-2017:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
        },
        {
          "name": "RHSA-2017:0336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-3259",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6u131"
                          },
                          {
                            "version_value": "7u121"
                          },
                          {
                            "version_value": "8u112"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
            },
            {
              "name": "RHSA-2017:0176",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
            },
            {
              "name": "95570",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95570"
            },
            {
              "name": "GLSA-201701-65",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-65"
            },
            {
              "name": "1037637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037637"
            },
            {
              "name": "RHSA-2017:0175",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
            },
            {
              "name": "RHSA-2017:0177",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
            },
            {
              "name": "RHSA-2017:0263",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
            },
            {
              "name": "RHSA-2017:0337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
            },
            {
              "name": "RHSA-2017:0336",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-3259",
    "datePublished": "2017-01-27T22:01:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-08-05T14:23:32.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

Vulnerability from csaf_redhat

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags