SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
SecurityTracker Alert ID:  1035596
SecurityTracker URL:  http://securitytracker.com/id/1035596
CVE Reference:   CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
Date:  Apr 19 2016
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6u113, 7u99, 8u77
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access data on the target system. A remote user can gain elevated privileges.

A remote user can exploit a flaw in the 2D component to gain elevated privileges [CVE-2016-3443].

A remote user can exploit a flaw in the Hotspot component to gain elevated privileges [CVE-2016-0687].

A remote user can exploit a flaw in the Serialization component to gain elevated privileges [CVE-2016-0686].

A remote user can exploit a flaw in the JMX component to gain elevated privileges [CVE-2016-3427].

A remote user can exploit a flaw in the Deployment component to gain elevated privileges [CVE-2016-3449].

A remote user can exploit a flaw in the Security component to access data [CVE-2016-0695].

A remote user can exploit a flaw in the JAXP component to cause partial denial of service conditions [CVE-2016-3425].

A remote user can exploit a flaw in the 2D component to cause partial denial of service conditions [CVE-2016-3422].

A remote user can exploit a flaw in the JCE component to partially access data [CVE-2016-3426].

Alex Gaynor; Alexander Innes of Necurity; Bees Bobo of CloverSec Labs; bo13oy of Trend Micro's Zero Day Initiative; Daniel Bleichenbacher of Google; David Cash of NCC Group; David Litchfield of Google; Dennis Tighe of Amazon Web Services IT Security;
Aleksandar Nikolic of Cisco Talos; Jacob Baines of Tenable Network Security; Jakub Palaczynski from ING Services Polska; Joshua Maddux; Marcin Woloszyn of ING Services Polska; Mark E D Thomas; Martin Petran of Accenture; Matias Mevied of Onapsis;
Paul Kehrer; Pierre Ernst of Salesforce.com; Quan Nguyen of Google; six and m4xk from Docler Holding IT Security Team; Steffen Gurtler of Bosch Software Innovations GmbH; Sule Bekin of Turk Telekom; and Thomas Van Tongerloo of Hewlett Packard Enterprise.

Impact:   A remote user can obtain data on the target system.

A remote user can gain elevated privileges on the target system.

Solution:   Oracle has issued a fix as part of the April 2016 Oracle Critical Patch Update.

The Oracle advisory is available at:

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 21 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Apr 21 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Apr 21 2016 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Oracle has issued a fix for Oracle Linux 7.
Apr 21 2016 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Oracle has issued a fix for Oracle Linux 6.
Apr 21 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Apr 21 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.6.0-sun for Red Hat Enterprise Linux 7.
Apr 21 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 6.
Apr 22 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 5 and 7.
Apr 22 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.7.0-oracle for Red Hat Enterprise Linux 7.
Apr 22 2016 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Oracle has issued a fix for java-1.7.0-openjdk for Oracle Linux 5, 6, and 7.
Apr 29 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.7.1-ibm for Red Hat Enterprise Linux 6 and 7.
Apr 29 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.7.0-ibm for Red Hat Enterprise Linux 5.
May 2 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.6.0-ibm for Red Hat Enterprise Linux 5 and 6.
May 4 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.8.0-ibm for Red Hat Enterprise Linux 7.
May 5 2016 (Ubuntu Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Ubuntu has issued a fix for OpenJDK 7 for Ubuntu Linux 14.04 LTS and 15.10.
May 5 2016 (Ubuntu Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Ubuntu has issued a fix for OpenJDK 8 for Ubuntu Linux 16.04 LTS.
May 7 2016 (IBM Issues Fix for IBM AIX) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
May 9 2016 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Oracle has issued a fix for java-1.6.0-openjdk for Oracle Linux 5, 6, 7.
May 9 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.6.0-openjdk for Red Hat Enterprise Linux 5, 6, and 7.
May 9 2016 (CentOS Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
CentOS has issued a fix for java-1.6.0-openjdk for CentOS 5, 6, and 7.
May 11 2016 (Ubuntu Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Ubuntu has issued a fix for OpenJDK 6 for Ubuntu Linux 12.04 LTS.
May 11 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.8.0-ibm for Red Hat Enterprise Linux 6.
May 19 2016 (VMware Issues Fix for VMware vCloud Director) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
VMware has issued a fix for VMware vCloud Director.
May 19 2016 (VMware Issues Fix for VMware vCenter Server) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
VMware has issued a fix for VMware vCenter Server.
May 19 2016 (VMware Issues Fix for VMware vSphere Replication) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
VMware has issued a fix for VMware vSphere Replication.
May 19 2016 (VMware Describes Workaround for VMware vRealize Operations) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
VMware has described a workaround for VMware vRealize Operations.
May 20 2016 (IBM Issues Fix for IBM WebSphere MQ) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
IBM has issued a fix for IBM WebSphere MQ.
May 20 2016 (IBM Issues Fix for IBM Content Manager Enterprise Edition) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
IBM has issued a fix for IBM Content Manager Enterprise Edition.
May 25 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.7.1-ibm for Red Hat Enterprise Linux 6 and 7.
May 25 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for java-1.7.0-ibm for Red Hat Enterprise Linux 5.
Jun 28 2016 (IBM Issues Fix for IBM Tivoli Storage Manager for Virtual Environments) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
IBM has issued a fix for IBM Tivoli Storage Manager for Virtual Environments.
Jul 8 2016 (IBM Issues Fix for IBM Cognos Metrics Manager) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
IBM has issued a fix for IBM Cognos Metrics Manager.
Jul 29 2016 (IBM Issues Fix for IBM InfoSphere Information Server) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
IBM has issued a fix for IBM InfoSphere Information Server.
Aug 9 2016 (IBM Issues Fix for IBM Cognos TM1) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
IBM has issued a fix for IBM Cognos TM1.
Oct 17 2016 (IBM Issues Fix for IBM Systems Director) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
IBM has issued a fix for IBM Systems Director.
Oct 25 2016 (IBM Issues Fix for IBM Systems Director) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
IBM has issued a fix for IBM Systems Director.
May 10 2017 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System
Red Hat has issued a fix for Red Hat Enterprise Linux 6 for java-1.7.1-ibm.




Copyright 2019, SecurityGlobal.net LLC