Vulnerability in Oracle Java SE, Java SE Embedded, and JRockit Components
CVE-2016-5547

5.3MEDIUM

Key Information:

Vendor
Oracle
Status
Java Se
Java Se Embedded
Jrockit
Vendor
CVE Published:
27 January 2017

Summary

An easily exploitable vulnerability exists in the Libraries component of Oracle's Java SE, Java SE Embedded, and JRockit, allowing unauthenticated attackers with network access to affect both client and server deployments. The flaw can lead to a partial denial of service (DoS) in Java applications. It is exploitable through sandboxed Java Web Start applications, applets, and directly via APIs, which enables data submission without the constraints of the sandboxed environment. This threat underscores the importance of maintaining updated software and enhancing security measures.

Affected Version(s)

Java SE 7u121

Java SE 8u112

Java SE Embedded 8u111

References

http://www.securityfocus.com/bid/95521
vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3782
vendor-advisoryx_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.