7.5

CVE-2016-5546

EPSS 0.5%
Veröffentlicht 27.01.2017 22:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Jdk Version1.6 Updateupdate_131

Oracle ≫ Jdk Version1.7 Updateupdate_121

Oracle ≫ Jdk Version1.8 Updateupdate_111

Oracle ≫ Jdk Version1.8 Updateupdate_112

Oracle ≫ Jre Version1.6 Updateupdate_131

Oracle ≫ Jre Version1.7 Updateupdate_121

Oracle ≫ Jre Version1.8 Updateupdate_111

Oracle ≫ Jre Version1.8 Updateupdate_112

Oracle ≫ Jrockit Versionr28.3.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.649

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

https://access.redhat.com/errata/RHSA-2017:1216

http://rhn.redhat.com/errata/RHSA-2017-0336.html

http://rhn.redhat.com/errata/RHSA-2017-0337.html

http://rhn.redhat.com/errata/RHSA-2017-0338.html

https://security.gentoo.org/glsa/201701-65

https://security.gentoo.org/glsa/201707-01

https://security.netapp.com/advisory/ntap-20170119-0001/

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Patch

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2017-0175.html

http://rhn.redhat.com/errata/RHSA-2017-0176.html

http://rhn.redhat.com/errata/RHSA-2017-0177.html

http://rhn.redhat.com/errata/RHSA-2017-0180.html

http://rhn.redhat.com/errata/RHSA-2017-0263.html

http://rhn.redhat.com/errata/RHSA-2017-0269.html

http://www.debian.org/security/2017/dsa-3782

http://www.securityfocus.com/bid/95506

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037637

https://nvd.nist.gov/vuln/detail/CVE-2016-5546

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5546

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5546

EUVD