CVE-2016-5556

high-risk
Published 2016-10-25

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.

Do I need to act?

~
5.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.6/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Jdk
Jdk
Jre
Jdk
Jre
Jre

Affected Vendors

Oracle

References (28)

http://rhn.redhat.com/errata/RHSA-2016-2088.html
http://rhn.redhat.com/errata/RHSA-2016-2089.html
http://rhn.redhat.com/errata/RHSA-2016-2090.html
http://rhn.redhat.com/errata/RHSA-2016-2136.html
http://rhn.redhat.com/errata/RHSA-2016-2137.html
http://rhn.redhat.com/errata/RHSA-2016-2138.html
http://rhn.redhat.com/errata/RHSA-2016-2659.html
Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/93618
http://www.securitytracker.com/id/1037040
https://access.redhat.com/errata/RHSA-2017:1216
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab...
https://security.gentoo.org/glsa/201611-04
https://security.netapp.com/advisory/ntap-20161019-0001/
http://rhn.redhat.com/errata/RHSA-2016-2088.html
http://rhn.redhat.com/errata/RHSA-2016-2089.html
http://rhn.redhat.com/errata/RHSA-2016-2090.html
http://rhn.redhat.com/errata/RHSA-2016-2136.html
http://rhn.redhat.com/errata/RHSA-2016-2137.html
http://rhn.redhat.com/errata/RHSA-2016-2138.html
and 8 more references
53
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 13/34 · Low