CVE-2016-5556

CRITICAL

Oracle JDK and JRE - Remote Code Execution via 2D Component

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.

References (14)

Core 14
Core References
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20161019-0001/
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2659.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2136.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2137.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2138.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2090.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201611-04
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1216
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93618
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2089.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037040
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2088.html

Scores

CVSS v3 9.6
EPSS 0.0488
EPSS Percentile 91.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Products (6)
oracle/jdk 1.6.0 update121
oracle/jdk 1.7.0 update111
oracle/jdk 1.8.0 update102
oracle/jre 1.6.0 update121
oracle/jre 1.7.0 update111
oracle/jre 1.8.0 update102
Published Oct 25, 2016
Tracked Since Feb 18, 2026