Описание
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | java-1.6.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 5 | java-1.7.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 6 | java-1.6.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 6 | java-1.7.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 7 | java-1.6.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 7 | java-1.7.0-openjdk | Not affected | ||
| Oracle Java for Red Hat Enterprise Linux 6 | java-1.8.0-oracle | Fixed | RHSA-2016:0677 | 21.04.2016 |
| Oracle Java for Red Hat Enterprise Linux 7 | java-1.8.0-oracle | Fixed | RHSA-2016:0677 | 21.04.2016 |
| Red Hat Enterprise Linux 5 Supplementary | java-1.7.0-ibm | Fixed | RHSA-2016:0702 | 29.04.2016 |
| Red Hat Enterprise Linux 5 Supplementary | java-1.6.0-ibm | Fixed | RHSA-2016:0708 | 02.05.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.6 Low
CVSS2
Связанные уязвимости
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded ...
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
EPSS
2.6 Low
CVSS2