CVE-2016-5568

CRITICAL

Oracle Java SE <8 - Info Disclosure

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93621
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20161019-0001/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-43
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201611-04
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037040

Scores

CVSS v3 9.6
EPSS 0.0391
EPSS Percentile 89.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Products (6)
oracle/jdk 1.6.0 update121
oracle/jdk 1.7.0 update111
oracle/jdk 1.8.0 update102
oracle/jre 1.6.0 update121
oracle/jre 1.7.0 update111
oracle/jre 1.8.0 update102
Published Oct 25, 2016
Tracked Since Feb 18, 2026