CVE-2016-0448Log File Information Exposure in Oracle JDK

CWE-532Log File Information Exposure10 documents8 sources
Severity
4.0MEDIUMNVD
OSV5.9
EPSS
0.3%
top 43.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Canonical Ubuntu LinuxOracle JDKOracle JRE
Timeline
PublishedJan 21
Latest updateMay 13

Description

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.8.0+1

Also affects: Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

4
GHSA
GHSA-4wfm-8gw8-6vq9: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows rem2022-05-13
OSV
openjdk-7 vulnerabilities2016-02-01
CVEList
CVE-2016-0448: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows rem2016-01-21
OSV
CVE-2016-0448: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows rem2016-01-20

📋Vendor Advisories

4
Ubuntu
OpenJDK 7 vulnerabilities2016-02-01
Ubuntu
OpenJDK 6 vulnerabilities2016-02-01
Red Hat
OpenJDK: logging of RMI connection secrets (JMX, 8130710)2016-01-19
Debian
CVE-2016-0448: openjdk-8 - Unspecified vulnerability in the Java SE and Java SE Embedded components in Orac...2016

💬Community

1
Bugzilla
CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)2016-01-15
CVE-2016-0448 — Log File Information Exposure in Oracle | cvebase