CVE-2016-5556 — Improper Access Control in Oracle JDK

CWE-284 — Improper Access Control6 documents6 sources

Severity

9.6CRITICALNVD

EPSS

5.1%

top 10.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE

Timeline

PublishedOct 25

Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

▶NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2

▶NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-h296-rv9c-3fhw: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via↗2022-05-13

▶

CVEList

CVE-2016-5556: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via↗2016-10-25

▶

📋Vendor Advisories

Red Hat

JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)↗2016-10-18

▶

Debian

CVE-2016-5556: openjdk-8 - Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remot...↗2016

▶

💬Community

Bugzilla

CVE-2016-5556 Oracle JDK: unspecified vulnerability fixed in 6u131, 7u121, and 8u111 (2D)↗2016-10-18

▶