CVE-2016-5546

CWE-20 — Improper Input Validation12 documents8 sources

Severity

7.5HIGH

EPSS

1.2%

top 21.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Java SE Oracle Java SE Embedded Oracle Jrockit +2 more

Timeline

PublishedJan 27

Latest updateMay 14

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶CVEListV5oracle/java_se_embedded8u111

▶CVEListV5oracle/java_se6u131, 7u121, 8u112+2

▶CVEListV5oracle/jrockitR28.3.12

▶NVDoracle/jrockitr28.3.12

▶NVDoracle/jdk1.6, 1.7, 1.8+2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-rrgr-g95w-822m: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries)↗2022-05-14

▶

OSV

openjdk-7 vulnerabilities↗2017-02-09

▶

CVEList

CVE-2016-5546: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries)↗2017-01-27

▶

OSV

openjdk-8 vulnerabilities↗2017-01-25

▶

OSV

CVE-2016-5546: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries)↗2016-12-31

▶

📋Vendor Advisories

Ubuntu

OpenJDK 6 vulnerabilities↗2017-02-16

▶

Ubuntu

OpenJDK 7 vulnerabilities↗2017-02-09

▶

Ubuntu

OpenJDK 8 vulnerabilities↗2017-01-25

▶

Red Hat

OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)↗2017-01-17

▶

Debian

CVE-2016-5546: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java...↗2016

▶

💬Community

Bugzilla

CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)↗2017-01-17

▶