CVE-2016-5597

Опубликовано: 18 окт. 2016

Источник: redhat

CVSS3: 5.3

CVSS2: 2.6

Описание

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-319

https://bugzilla.redhat.com/show_bug.cgi?id=1386103OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)

5.3 Medium

CVSS3

2.6 Low

CVSS2

Связанные уязвимости

CVE-2016-5597

CVSS3: 5.9

ubuntu

почти 9 лет назад

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.

CVE-2016-5597

CVSS3: 5.9

nvd

почти 9 лет назад

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.

CVE-2016-5597

CVSS3: 5.9

debian

почти 9 лет назад

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...

GHSA-6q5r-8qc5-j49x

CVSS3: 5.9

github

больше 3 лет назад

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.

ELSA-2017-0061

oracle-oval

больше 8 лет назад

ELSA-2017-0061: java-1.6.0-openjdk security update (IMPORTANT)

5.3 Medium

CVSS3

2.6 Low

CVSS2