Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Oracle Java SE 6 < Update 131 / 7 < Update 121 / 8 < Update 112 Multiple Vulnerabilities

High

Synopsis

The remote host is missing a critical Oracle Java SE patch update.

Description

The version of Oracle Java SE installed on the remote host is prior to 6 Update 131, 7 Update 121, or 8 Update 112 and is affected by multiple vulnerabilities :

- An unspecified flaw exists related to the Libraries subcomponent. This may allow a context-dependent attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2016-5542) - A flaw exists in 'share/classes/com/sun/jmx/remote/util/ClassLoaderWithRepository.java' related to improper classloader consistency checks. This may allow a context-dependent attacker to bypass certain Java sandbox restrictions. (CVE-2016-5554) - An unspecified flaw exists related to the 2D subcomponent. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5556) - A flaw exists related to the AWT subcomponent. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5568) - An unspecified flaw exists related to the hotspot subcomponent. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5573) - A flaw exists in 'cpu/sparc/vm/c1_LIRAssembler_sparc.cpp' and 'cpu/x86/vm/c1_LIRAssembler_x86.cpp'. The issue is triggered when handling calls to the 'System.arraycopy()' method due to missing type checks. This may allow a context-dependent attacker to bypass Java sandbox restrictions. (CVE-2016-5582) - An unspecified flaw exists related to the Networking subcomponent. This may allow a context-dependent attacker to gain access to potentially sensitive information. No further details have been provided by the vendor. (CVE-2016-5597)

Solution

Upgrade to Java 1.8.0_112 or later. If version 1.8.x cannot be obtained, versions 1.7.0_121 and 1.6.0_131 are also patched for these vulnerabilities.