CVE-2016-5573: Improper Access Control in Oracle JDK

Severity: 9.6 CRITICAL (NVD)
Other scores: NVD 8.3, CNA 8.3, OSV 8.3, OSV 3.1
EPSS: 2.8% (top 13.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 25
Latest update: May 13

Description

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 6.0

Affected Packages (2 packages)

NVD: oracle/jdk 1.6.0, 1.7.0, 1.8.0 +2
NVD: oracle/jre 1.6.0, 1.7.0, 1.8.0 +2

Patches

🔴 Vulnerability Details (8)

GHSA, 2022-05-13: GHSA-xpxv-6ccf-795w: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integri
GHSA, 2022-05-13: GHSA-f57p-w7p5-298g: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integri
OSV, 2016-11-17: openjdk-7 vulnerabilities
OSV, 2016-11-03: openjdk-8 vulnerabilities
OSV, 2016-10-25: CVE-2016-5582: Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integri

📋 Vendor Advisories (7)

Ubuntu, 2016-12-08: OpenJDK 6 vulnerabilities
Ubuntu, 2016-11-17: OpenJDK 7 vulnerabilities
Ubuntu, 2016-11-03: OpenJDK 8 vulnerabilities
Red Hat, 2016-10-18: OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
Red Hat, 2016-10-18: OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)

💬 Community (1)

Bugzilla, 2016-10-17: CVE-2016-5573 OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)