CVE-2016-5582

high-risk
Published 2016-10-25

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.

Do I need to act?

~
4.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.6/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Jdk
Jdk
Jdk
Jre
Jre
Jdk
Jre
Jre

Affected Vendors

Oracle

References (32)

http://rhn.redhat.com/errata/RHSA-2016-2079.html
http://rhn.redhat.com/errata/RHSA-2016-2088.html
http://rhn.redhat.com/errata/RHSA-2016-2089.html
http://rhn.redhat.com/errata/RHSA-2016-2090.html
http://rhn.redhat.com/errata/RHSA-2016-2658.html
http://rhn.redhat.com/errata/RHSA-2017-0061.html
http://www.debian.org/security/2016/dsa-3707
Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/93623
http://www.securitytracker.com/id/1037040
http://www.ubuntu.com/usn/USN-3130-1
http://www.ubuntu.com/usn/USN-3154-1
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab...
https://security.gentoo.org/glsa/201611-04
https://security.gentoo.org/glsa/201701-43
https://security.netapp.com/advisory/ntap-20161019-0001/
http://rhn.redhat.com/errata/RHSA-2016-2079.html
http://rhn.redhat.com/errata/RHSA-2016-2088.html
http://rhn.redhat.com/errata/RHSA-2016-2089.html
http://rhn.redhat.com/errata/RHSA-2016-2090.html
and 12 more references
53
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 14/34 · Moderate