CVE-2016-5542

Опубликовано: 18 окт. 2016

Источник: redhat

CVSS3: 3.1

CVSS2: 2.6

EPSS Низкий

Описание

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-327

https://bugzilla.redhat.com/show_bug.cgi?id=1385723OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

EPSS

Процентиль: 83%

0.02018

Низкий

3.1 Low

CVSS3

2.6 Low

CVSS2

Связанные уязвимости

CVE-2016-5542

CVSS3: 3.1

ubuntu

около 9 лет назад

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.

CVE-2016-5542

CVSS3: 3.1

nvd

около 9 лет назад

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.

CVE-2016-5542

CVSS3: 3.1

debian

около 9 лет назад

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...

GHSA-gjxp-f524-fgrv

CVSS3: 3.1

github

больше 3 лет назад

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.

ELSA-2017-0061

oracle-oval

почти 9 лет назад

ELSA-2017-0061: java-1.6.0-openjdk security update (IMPORTANT)

EPSS

Процентиль: 83%

0.02018

Низкий

3.1 Low

CVSS3

2.6 Low

CVSS2