CVE-2016-5552

MEDIUM

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts).

References

http://rhn.redhat.com/errata/RHSA-2017-0175.html

http://rhn.redhat.com/errata/RHSA-2017-0176.html

http://rhn.redhat.com/errata/RHSA-2017-0177.html

http://rhn.redhat.com/errata/RHSA-2017-0180.html

http://rhn.redhat.com/errata/RHSA-2017-0263.html

http://rhn.redhat.com/errata/RHSA-2017-0269.html

http://rhn.redhat.com/errata/RHSA-2017-0336.html

http://rhn.redhat.com/errata/RHSA-2017-0337.html

http://rhn.redhat.com/errata/RHSA-2017-0338.html

http://www.debian.org/security/2017/dsa-3782

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

http://www.securityfocus.com/bid/95512

http://www.securitytracker.com/id/1037637

http://www.securitytracker.com/id/1037798

https://access.redhat.com/errata/RHSA-2017:1216

https://security.gentoo.org/glsa/201701-65

https://security.gentoo.org/glsa/201707-01

https://security.netapp.com/advisory/ntap-20170119-0001/

https://source.android.com/security/bulletin/2017-02-01.html

Details

Source: MITRE

Published: 2017-01-27

Updated: 2018-01-05

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127348 | NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111) | Nessus | NewStart CGSL Local Security Checks | high |
| 121694 | Photon OS 1.0: Openjre PHSA-2017-0016 | Nessus | PhotonOS Local Security Checks | high |
| 121693 | Photon OS 1.0: Openjdk PHSA-2017-0016 | Nessus | PhotonOS Local Security Checks | high |
| 111865 | Photon OS 1.0: Gnutls / Linux / Openjdk / Openjre PHSA-2017-0016 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 103190 | AIX Java Advisory : java_jan2017_advisory.asc (January 2017 CPU) (SWEET32) | Nessus | AIX Local Security Checks | high |
| 101422 | Virtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2017-0269) | Nessus | Virtuozzo Local Security Checks | medium |
| 101412 | Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2017-0180) | Nessus | Virtuozzo Local Security Checks | medium |
| 101248 | GLSA-201707-01 : IcedTea: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 100094 | RHEL 6 : java-1.7.1-ibm (RHSA-2017:1216) | Nessus | Red Hat Local Security Checks | critical |
| 99873 | EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1028) | Nessus | Huawei Local Security Checks | medium |
| 99872 | EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2017-1027) | Nessus | Huawei Local Security Checks | medium |
| 99862 | EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1016) | Nessus | Huawei Local Security Checks | medium |
| 99861 | EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1015) | Nessus | Huawei Local Security Checks | medium |
| 97462 | RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2017:0338) | Nessus | Red Hat Local Security Checks | medium |
| 97461 | RHEL 5 : java-1.7.0-ibm (RHSA-2017:0337) | Nessus | Red Hat Local Security Checks | medium |
| 97460 | RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:0336) | Nessus | Red Hat Local Security Checks | medium |
| 97296 | SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2017:0490-1) | Nessus | SuSE Local Security Checks | medium |
| 97287 | openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-278) | Nessus | SuSE Local Security Checks | medium |
| 97209 | Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-3198-1) | Nessus | Ubuntu Local Security Checks | medium |
| 97187 | SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:0460-1) | Nessus | SuSE Local Security Checks | medium |
| 97147 | Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-797) | Nessus | Amazon Linux Local Security Checks | medium |
| 97139 | Oracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2017-0269) | Nessus | Oracle Linux Local Security Checks | medium |
| 97134 | CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2017:0269) | Nessus | CentOS Local Security Checks | medium |
| 97122 | Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20170213) | Nessus | Scientific Linux Local Security Checks | medium |
| 97121 | RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269) | Nessus | Red Hat Local Security Checks | medium |
| 97105 | Debian DLA-821-1 : openjdk-7 security update | Nessus | Debian Local Security Checks | medium |
| 97095 | RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:0263) | Nessus | Red Hat Local Security Checks | medium |
| 97084 | Ubuntu 12.04 LTS / 14.04 LTS : openjdk-7 vulnerabilities (USN-3194-1) | Nessus | Ubuntu Local Security Checks | medium |
| 97067 | Debian DSA-3782-1 : openjdk-7 - security update | Nessus | Debian Local Security Checks | medium |
| 97002 | openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-201) | Nessus | SuSE Local Security Checks | medium |
| 96926 | SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:0346-1) | Nessus | SuSE Local Security Checks | medium |
| 9917 | Oracle Java SE 6 < Update 141 / 7 < Update 131 / 8 < Update 121 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 96809 | Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-791) | Nessus | Amazon Linux Local Security Checks | medium |
| 96796 | Ubuntu 16.04 LTS / 16.10 : openjdk-8 vulnerabilities (USN-3179-1) | Nessus | Ubuntu Local Security Checks | medium |
| 96787 | GLSA-201701-65 : Oracle JRE/JDK: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 96757 | Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170120) | Nessus | Scientific Linux Local Security Checks | medium |
| 96693 | RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180) | Nessus | Red Hat Local Security Checks | medium |
| 96692 | Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2017-0180) | Nessus | Oracle Linux Local Security Checks | medium |
| 96664 | CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2017:0180) | Nessus | CentOS Local Security Checks | medium |
| 96652 | RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2017:0177) | Nessus | Red Hat Local Security Checks | medium |
| 96651 | RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2017:0176) | Nessus | Red Hat Local Security Checks | medium |
| 96650 | RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:0175) | Nessus | Red Hat Local Security Checks | medium |
| 96629 | Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (Unix) (SWEET32) | Nessus | Misc. | medium |
| 96628 | Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (SWEET32) | Nessus | Windows | medium |
| 96627 | Oracle JRockit R28.3.12 Multiple Vulnerabilities (January 2017 CPU) | Nessus | Windows | medium |