Network Vulnerability in Oracle Java SE and JRockit Products
CVE-2016-5552

5.3MEDIUM

Key Information:

Vendor

Oracle
Status
Java Se
Java Se Embedded
Jrockit
Vendor
CVE Published:
27 January 2017

What is CVE-2016-5552?

A vulnerability exists in Oracle Java SE and JRockit, specifically in the networking component, that allows unauthenticated attackers with network access to potentially compromise these products. This can occur through multiple protocols and affect both client and server deployments. Attackers may exploit this vulnerability via sandboxed Java Web Start applications and applets or through APIs without sandboxing, enabling unauthorized updates, insertions, or deletions of accessible data.

Affected Version(s)

Java SE 6u131

Java SE 7u121

Java SE 8u112

References

http://rhn.redhat.com/errata/RHSA-2017-0338.html
vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3782
vendor-advisoryx_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2017-0176.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.