CVE-2016-3587
Published: 21 July 2016
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
From the Ubuntu Security Team
A vulnerability was discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit this to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.
Notes
Author | Note |
---|---|
sbeattie | likely openjdk-8 only |
Priority
Status
Package | Release | Status |
---|---|---|
icedtea-web Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
openjdk-6 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(openjdk-8 only)
|
trusty |
Does not exist
(trusty was not-affected [openjdk-8 only])
|
|
upstream |
Not vulnerable
(openjdk-8 only)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
openjdk-7 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
openjdk-8 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
wily |
Released
(8u91-b14-3ubuntu1~15.10.1)
|
|
xenial |
Released
(8u91-b14-3ubuntu1~16.04.1)
|
|
Patches: upstream: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c387bd2fb7db |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.6 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |