SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
SecurityTracker Alert ID:  1037040
SecurityTracker URL:  http://securitytracker.com/id/1037040
CVE Reference:   CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
Date:  Oct 18 2016
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6u121, 7u111, 8u102; Java SE Embedded: 8u101
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access data on the target system. A remote user can modify data on the target system. A remote user can gain elevated privileges.

A remote user can exploit a flaw in the 2D component to gain elevated privileges [CVE-2016-5556].

A remote user can exploit a flaw in the AWT component to gain elevated privileges [CVE-2016-5568].

A remote user can exploit a flaw in the Hotspot component to gain elevated privileges [CVE-2016-5573, CVE-2016-5582].

A remote user can exploit a flaw in the Networking component to access data [CVE-2016-5597].

A remote user can exploit a flaw in the JMX component to partially modify data [CVE-2016-5554].

A remote user can exploit a flaw in the Libraries component to partially modify data [CVE-2016-5542].

The following researchers reported these and other Oracle product vulnerabilities:

Abhishek Singh; Alejo Popovici; Alexander Kornbrust of Red Database Security; Amichai Shulman of Imperva, Inc.; Ariel Walter Garcia; Behzad Najjarpour Jabbari, Secunia Research at Flexera Software; bo13oy of Trend Micro's Zero Day Initiative;
Cezar Santos; David Litchfield of Google; Dawid Golunski; Denis Shpektorov; Devin Rosenbauer of Identity Works LLC; Felix Wilhelm; Hunter Liu of Huawei's IT Infrastructure & Security Dept, BPIT&QM; Jackson Thuraisamy of Security Compass;
Jacob Baines - Tenable Network Security (via Trend Micro's Zero Day Initiative); Jakub Palaczynski of ING Services Polska; John Page (hyp3rlinx); Jordan Milne; Mateusz Guzik; Matias Mevied of Onapsis; Matthias Kaiser of Code White;
Michael Miller of Integrigy; Okan Basegmez of DORASEC Consulting; Pete Finnigan; Peter Moody; Rahmat Nur Fauzi; Reno Robert; Rex Dale Stevens; Sahar Sabban of Intel; Suraj Khetani of Gulf Business Machines; Sven Blumenstein of Google; Tommy DeVoss of Evolution Security; Valentin Dornauer; and Vishnu Padmakumar.

Impact:   A remote user can obtain data on the target system.

A remote user can partially modify data on the target system.

A remote user can gain elevated privileges on the target system.

Solution:   The vendor has issued a fix as part of the October 2016 Oracle Critical Patch Update.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 19 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.8.0-openjdk for Red Hat Enterprise Linux 6 and 7.
Oct 20 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.8.0-oracle for Red Hat Enterprise Linux 7.
Oct 20 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.7.0-oracle for Red Hat Enterprise Linux 7.
Oct 20 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.6.0-sun for Red Hat Enterprise Linux 7.
Nov 1 2016 (IBM Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
IBM has issued a fix for IBM Java SE.
Nov 2 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.8.0-ibm for Red Hat Enterprise Linux 6 and 7.
Nov 2 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.7.0-ibm for Red Hat Enterprise Linux 5.
Nov 2 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.7.1-ibm for Red Hat Enterprise Linux 6 and 7.
Nov 3 2016 (Ubuntu Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Ubuntu has issued a fix for Ubuntu Linux 16.04 LTS and 16.10.
Nov 7 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.6.0-ibm for Red Hat Enterprise Linux 5 and 6.
Nov 7 2016 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 5, 6, and 7.
Nov 8 2016 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Oracle has issued a fix for java-1.7.0-openjdk for Oracle Linux 5 and 6.
Nov 11 2016 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Oracle has issued a fix for java-1.7.0-openjdk for Oracle Linux 7.
Nov 14 2016 (CentOS Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
CentOS has issued a fix for java-1.7.0-openjdk for CentOS 6.
Nov 18 2016 (Ubuntu Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS.
Dec 8 2016 (Ubuntu Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Ubuntu has issued a fix for OpenJDK 6 for Ubuntu Linux 12.04 LTS.
Dec 23 2016 (IBM Issues Fix for IBM AIX) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Jan 13 2017 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for java-1.6.0-openjdk for Red Hat Enterprise Linux 5, 6, and 7.
Jan 26 2017 (IBM Issues Fix for IBM Security Network Protection) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
IBM has issued a fix for IBM Security Network Protection.
Jan 26 2017 (IBM Issues Fix for IBM FileNet Content Manager) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
IBM has issued a fix for IBM FileNet Content Manager.
Apr 26 2017 (IBM Issues Fix for IBM Tivoli Composite Application Manager) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
IBM has issued a fix for IBM Tivoli Composite Application Manager.
May 2 2017 (IBM Issues Fix for IBM Spectrum Protect (IBM Tivoli Storage Manager)) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
IBM has issued a fix for IBM Spectrum Protect (formerly IBM Tivoli Storage Manager).
May 10 2017 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 6 for java-1.7.1-ibm.
Aug 1 2017 (Schneider Electric Issues Fix for Schneider Electric Trio TView) Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Schneider Electric has issued a fix for Schneider Electric Trio TView Software.



Copyright 2019, SecurityGlobal.net LLC