CVE-2016-5547

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts).

Risk Information

Base Score

5.3

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

Exploitation Probability

1.409

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in Java SE Development Kit 1.8	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 7.17	Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 7 (x64) 7.17	Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.14	Windows
Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.43	Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.12	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 8.0.1120	Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.1120	Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 8.0.1120	Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 (x64) 8.0.1120	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 7 (x64) 7.0.1210	Windows
Multiple vulnerabilities are affected in Java SE Development Kit 7 (x86) 7.0.1210	Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3	Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1	Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0	Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.0	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.5	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.6	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.7	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.8	Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0.1	Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0.2	Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.9	Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.6.0	Windows
Open Source Java implementation (USN-2964-1) openjdk-7-jdk_7u121-2.6.8-1ubuntu0.14.04.3_i386.deb	Linux
Open Source Java implementation (USN-2964-1) openjdk-7-jdk_7u121-2.6.8-1ubuntu0.14.04.3_amd64.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jdk_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jdk_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jre_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jre_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jre-zero_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jre-zero_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jre-jamvm_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jre-jamvm_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jdk-headless_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jdk-headless_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jre-headless_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3121-1) openjdk-8-jre-headless_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3130-1) openjdk-7-jre_7u121-2.6.8-1ubuntu0.14.04.3_i386.deb	Linux
Open Source Java implementation (USN-3130-1) openjdk-7-jre_7u121-2.6.8-1ubuntu0.14.04.3_amd64.deb	Linux
Open Source Java implementation (USN-3130-1) openjdk-7-jre-zero_7u121-2.6.8-1ubuntu0.14.04.3_i386.deb	Linux
Open Source Java implementation (USN-3130-1) openjdk-7-jre-zero_7u121-2.6.8-1ubuntu0.14.04.3_amd64.deb	Linux
Open Source Java implementation (USN-3130-1) icedtea-7-jre-jamvm_7u121-2.6.8-1ubuntu0.14.04.3_i386.deb	Linux
Open Source Java implementation (USN-3130-1) icedtea-7-jre-jamvm_7u121-2.6.8-1ubuntu0.14.04.3_amd64.deb	Linux
Open Source Java implementation (USN-3130-1) openjdk-7-jre-headless_7u121-2.6.8-1ubuntu0.14.04.3_i386.deb	Linux
Open Source Java implementation (USN-3130-1) openjdk-7-jre-headless_7u121-2.6.8-1ubuntu0.14.04.3_amd64.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre_8u121-b13-0ubuntu1.16.10.2_i386.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre_8u121-b13-0ubuntu1.16.10.2_amd64.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-zero_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-zero_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-zero_8u121-b13-0ubuntu1.16.10.2_i386.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-zero_8u121-b13-0ubuntu1.16.10.2_amd64.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-jamvm_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-jamvm_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-jamvm_8u121-b13-0ubuntu1.16.10.2_i386.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-jamvm_8u121-b13-0ubuntu1.16.10.2_amd64.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-headless_8u121-b13-0ubuntu1.16.04.2_i386.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-headless_8u121-b13-0ubuntu1.16.04.2_amd64.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-headless_8u121-b13-0ubuntu1.16.10.2_i386.deb	Linux
Open Source Java implementation (USN-3179-1) openjdk-8-jre-headless_8u121-b13-0ubuntu1.16.10.2_amd64.deb	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.i386.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.i386.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-demo-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.i386.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-devel-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.i386.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-jdbc-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.i386.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-plugin-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.i386.rpm	Linux
(RHSA-2017:0337) Critical: java-1.7.0-ibm security update java-1.7.0-ibm-src-1.7.0.10.1-1jpp.1.el5_11.x86_64.rpm	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-349783	Java SE Development Kit (8.0.4610.11) (Manual Upload Required)
PATCH-349784	Java SE Development Kit (x64) (8.0.4610.11) (Manual Upload Required)
PATCH-349781	Java Runtime Environment 1.8 (8.0.4610.11) (Manual Upload Required)
PATCH-349782	Java Runtime Environment 1.8 (x64) (8.0.4610.11) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234