CVE-2016-5568

moderate-risk
Published 2016-10-25

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

Do I need to act?

-
0.92% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.6/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Jdk
Jdk
Jre
Jdk
Jre
Jre

Affected Vendors

Oracle

References (14)

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/93621
http://www.securitytracker.com/id/1037040
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab...
https://security.gentoo.org/glsa/201611-04
https://security.gentoo.org/glsa/201701-43
https://security.netapp.com/advisory/ntap-20161019-0001/
Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/93621
http://www.securitytracker.com/id/1037040
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab...
https://security.gentoo.org/glsa/201611-04
https://security.gentoo.org/glsa/201701-43
https://security.netapp.com/advisory/ntap-20161019-0001/
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 13/34 · Low