CVE-2016-5549

CWE-3859 documents8 sources
Severity
6.5MEDIUM
EPSS
0.5%
top 32.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Oracle Java SEOracle Java SE EmbeddedOracle JDK+1 more
Timeline
PublishedJan 27
Latest updateMay 14

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized acces

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5oracle/java_se_embedded8u111
CVEListV5oracle/java_se7u121, 8u112+1
NVDoracle/jdk1.7, 1.8+1
NVDoracle/jre1.7, 1.8+1
Ubuntuopenjdk-8< 8u121-b13-0ubuntu1.16.04.2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-4p8w-9rpg-4mhm: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)2022-05-14
CVEList
CVE-2016-5549: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)2017-01-27
OSV
CVE-2016-5549: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)2016-12-31

📋Vendor Advisories

3
Ubuntu
OpenJDK 8 vulnerabilities2017-01-25
Red Hat
OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)2017-01-17
Debian
CVE-2016-5549: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc...2016

💬Community

1
Bugzilla
CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)2017-01-17