Detections
Analytics

Alpine: openjdk7: security update to 7.111.-r2 (deprecated)

critical Tenable Cloud Security Plugin ID 400934

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote
 attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a
 different vulnerability than CVE-2016-5573. (CVE-2016-5582)

 - Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote
 attackers to affect integrity via vectors related to Libraries. (CVE-2016-5542)

 - Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote
 attackers to affect integrity via vectors related to JMX. (CVE-2016-5554)

 - Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect
 confidentiality, integrity, and availability via vectors related to AWT. (CVE-2016-5568)

 - Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote
 attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a
 different vulnerability than CVE-2016-5582. (CVE-2016-5573)

See Also

https://git.alpinelinux.org/aports/commit/?id=71af3ec85b2545d197e50b2b3054b311f76ea95f

https://git.alpinelinux.org/aports/commit/?id=ccb36af7cd9d7866b640e0b455dfa3379ec29bf6

Plugin Details

Severity: Critical

ID: 400934

Version: Revision 1.22

Type: Local

Published: 8/16/2023

Updated: 1/17/2024

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-5582

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 11/17/2016

Vulnerability Publication Date: 10/18/2016

Reference Information

CVE: CVE-2016-5542, CVE-2016-5554, CVE-2016-5568, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597

BID: 93643, 93637, 93621, 93628, 93623, 93636