445
VMScore

CVE-2016-0466

Published: 21/01/2016 Updated: 08/09/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote malicious users to affect availability via vectors related to JAXP.

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.04

canonical ubuntu linux 15.10

oracle jdk 1.6.0

oracle jdk 1.7.0

oracle jdk 1.8.0

oracle jre 1.6.0

oracle jre 1.7.0

oracle jre 1.8.0

Vendor Advisories

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory ...
Several security issues were fixed in OpenJDK 6 ...
Several security issues were fixed in OpenJDK 7 ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography For the oldstable distribution (wheezy), these problems have been fixed in version 7u95-264-1~deb7u1 For the stable distribution (j ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography For the oldstable distribution (wheezy), these problems have been fixed in version 6b38-11310-1~deb7u1 We recommend that you upgra ...
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2016-0483 ) An integer signedness is ...
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2016-0483 ) A flaw was found in the ...
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2016-0483 ) An integer signedness is ...
Oracle Critical Patch Update Advisory - January 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus, prior Critical Pat ...
Oracle Linux Bulletin - January 2016 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are relea ...

References

NVD-CWE-noinfohttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0049.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0050.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0053.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0054.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0055.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0056.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0057.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0067.htmlhttp://www.debian.org/security/2016/dsa-3458http://www.debian.org/security/2016/dsa-3465http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.securityfocus.com/bid/81118http://www.securitytracker.com/id/1034715http://www.ubuntu.com/usn/USN-2884-1http://www.ubuntu.com/usn/USN-2885-1https://access.redhat.com/errata/RHSA-2016:1430https://kc.mcafee.com/corporate/index?page=content&id=SB10148https://security.gentoo.org/glsa/201603-14https://security.gentoo.org/glsa/201610-08https://nvd.nist.govhttps://www.securityfocus.com/bid/81118https://www.rapid7.com/db/vulnerabilities/aix-7.1-java_jan2016_advisory_cve-2016-0466https://access.redhat.com/security/cve/cve-2016-0466https://usn.ubuntu.com/2885-1/