CVE-2016-0264 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.6 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
ibm	java_sdk	6.0.0.0 ≤ 𝑥 < 6.0.16.25
ibm	java_sdk	6.1.0.0 ≤ 𝑥 < 6.1.8.25
ibm	java_sdk	7.0.0.0 ≤ 𝑥 < 7.0.9.40
ibm	java_sdk	7.1.0.0 ≤ 𝑥 < 7.1.3.40
ibm	java_sdk	8.0.0.0 ≤ 𝑥 < 8.0.3.0
redhat	satellite	5.6
redhat	satellite	5.7
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node_supplementary	6.0
redhat	enterprise_linux_hpc_node_supplementary	7.0
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_eus	6.7
redhat	enterprise_linux_server_eus	7.2
redhat	enterprise_linux_server_eus	7.3
redhat	enterprise_linux_server_eus	7.4
redhat	enterprise_linux_server_eus	7.5
redhat	enterprise_linux_workstation	5.0
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
suse	manager	2.1
suse	manager_proxy	2.1

𝑥

= Vulnerable software versions

Red Hat Enterprise Linux Releases

Red Hat Product

Release

java-1.6.0-ibm

RHEL 6

1:1.6.0.16.25-1jpp.1.el6_7

fixed

java-1.6.0-ibm-demo

RHEL 6

1:1.6.0.16.25-1jpp.1.el6_7

fixed

java-1.6.0-ibm-devel

RHEL 6

1:1.6.0.16.25-1jpp.1.el6_7

fixed

java-1.6.0-ibm-javacomm

RHEL 6

1:1.6.0.16.25-1jpp.1.el6_7

fixed

java-1.6.0-ibm-jdbc

RHEL 6

1:1.6.0.16.25-1jpp.1.el6_7

fixed

java-1.6.0-ibm-plugin

RHEL 6

1:1.6.0.16.25-1jpp.1.el6_7

fixed

java-1.6.0-ibm-src

RHEL 6

1:1.6.0.16.25-1jpp.1.el6_7

fixed

java-1.7.1-ibm

RHEL 6	1:1.7.1.3.40-1jpp.1.el6_7 fixed
RHEL 7	1:1.7.1.3.40-1jpp.1.el7 fixed

java-1.7.1-ibm-demo

RHEL 6	1:1.7.1.3.40-1jpp.1.el6_7 fixed
RHEL 7	1:1.7.1.3.40-1jpp.1.el7 fixed

java-1.7.1-ibm-devel

RHEL 6	1:1.7.1.3.40-1jpp.1.el6_7 fixed
RHEL 7	1:1.7.1.3.40-1jpp.1.el7 fixed

java-1.7.1-ibm-jdbc

RHEL 6	1:1.7.1.3.40-1jpp.1.el6_7 fixed
RHEL 7	1:1.7.1.3.40-1jpp.1.el7 fixed

java-1.7.1-ibm-plugin

RHEL 6	1:1.7.1.3.40-1jpp.1.el6_7 fixed
RHEL 7	1:1.7.1.3.40-1jpp.1.el7 fixed

java-1.7.1-ibm-src

RHEL 6	1:1.7.1.3.40-1jpp.1.el6_7 fixed
RHEL 7	1:1.7.1.3.40-1jpp.1.el7 fixed

java-1.8.0-ibm

RHEL 6	1:1.8.0.3.0-1jpp.1.el6 fixed
RHEL 7	1:1.8.0.3.0-1jpp.1.el7 fixed

java-1.8.0-ibm-demo

RHEL 6	1:1.8.0.3.0-1jpp.1.el6 fixed
RHEL 7	1:1.8.0.3.0-1jpp.1.el7 fixed

java-1.8.0-ibm-devel

RHEL 6	1:1.8.0.3.0-1jpp.1.el6 fixed
RHEL 7	1:1.8.0.3.0-1jpp.1.el7 fixed

java-1.8.0-ibm-jdbc

RHEL 6	1:1.8.0.3.0-1jpp.1.el6 fixed
RHEL 7	1:1.8.0.3.0-1jpp.1.el7 fixed

java-1.8.0-ibm-plugin

RHEL 6	1:1.8.0.3.0-1jpp.1.el6 fixed
RHEL 7	1:1.8.0.3.0-1jpp.1.el7 fixed

java-1.8.0-ibm-src

RHEL 6	1:1.8.0.3.0-1jpp.1.el6 fixed
RHEL 7	1:1.8.0.3.0-1jpp.1.el7 fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

http://rhn.redhat.com/errata/RHSA-2016-0701.html

http://rhn.redhat.com/errata/RHSA-2016-0702.html

http://rhn.redhat.com/errata/RHSA-2016-0708.html

http://rhn.redhat.com/errata/RHSA-2016-0716.html

http://rhn.redhat.com/errata/RHSA-2016-1039.html

http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035

http://www-01.ibm.com/support/docview.wss?uid=swg21980826

http://www.securitytracker.com/id/1035953

https://access.redhat.com/errata/RHSA-2016:1430

https://access.redhat.com/errata/RHSA-2017:1216

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

http://rhn.redhat.com/errata/RHSA-2016-0701.html

http://rhn.redhat.com/errata/RHSA-2016-0702.html

http://rhn.redhat.com/errata/RHSA-2016-0708.html

http://rhn.redhat.com/errata/RHSA-2016-0716.html

http://rhn.redhat.com/errata/RHSA-2016-1039.html

http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035

http://www-01.ibm.com/support/docview.wss?uid=swg21980826

http://www.securitytracker.com/id/1035953

https://access.redhat.com/errata/RHSA-2016:1430

https://access.redhat.com/errata/RHSA-2017:1216