Library Vulnerability in Oracle Java SE and JRockit Products
CVE-2016-5546

7.5HIGH

Key Information:

Vendor
Oracle
Status
Java Se
Java Se Embedded
Jrockit
Vendor
CVE Published:
27 January 2017

Summary

A vulnerability in the libraries of Oracle Java SE and JRockit poses a significant risk, allowing unauthorized attackers with network access to exploit various protocols. This vulnerability can lead to the unauthorized creation, deletion, or modification of critical data, potentially affecting all accessible data within the Java environment. Notably, it can be exploited through sandboxed Java Web Start applications and sandboxed Java applets, as well as by supplying data directly to APIs without requiring these sandboxing methods, such as through web services.

Affected Version(s)

Java SE 6u131

Java SE 7u121

Java SE 8u112

References

http://rhn.redhat.com/errata/RHSA-2017-0338.html
vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782
vendor-advisoryx_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.