CVE-2016-0475

Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
oraclejdk
1.8.0
oraclejre
1.8.0
oraclejrockit
r28.3.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openjdk-8
sid
8u432-b06-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
precise
not-affected
trusty
dne
vivid
not-affected
wily
not-affected
xenial
dne
openjdk-7
precise
not-affected
trusty
dne
vivid
not-affected
wily
not-affected
xenial
dne
openjdk-8
precise
dne
trusty
dne
vivid
ignored
wily
Fixed 8u91-b14-0ubuntu4~15.10.1
released
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
java-1_8_0-openjdk
suse enterprise sap 12 SP1
1.8.0.72-3.2
fixed
suse enterprise sap 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise sap 15
1.8.0.161-1.52
fixed
suse enterprise sap 15 SP1
1.8.0.201-3.16.1
fixed
suse enterprise sap 15 SP2
1.8.0.242-3.30.2
fixed
suse enterprise sap 15 SP3
1.8.0.282-3.48.1
fixed
suse enterprise sap 15 SP4
1.8.0.322-3.64.2
fixed
suse enterprise sap 15 SP5
1.8.0.362-150000.3.76.1
fixed
suse enterprise sap 15 SP6
1.8.0.412-150000.3.91.1
fixed
suse enterprise sap 15 SP7
1.8.0.442-150000.3.103.2
fixed
suse enterprise server 12 SP1
1.8.0.72-3.2
fixed
suse enterprise server 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise server 15
1.8.0.161-1.52
fixed
suse enterprise server 15 SP1
1.8.0.201-3.16.1
fixed
suse enterprise server 15 SP2
1.8.0.242-3.30.2
fixed
suse enterprise server 15 SP3
1.8.0.282-3.48.1
fixed
suse enterprise server 15 SP4
1.8.0.322-3.64.2
fixed
suse enterprise server 15 SP5
1.8.0.362-150000.3.76.1
fixed
suse enterprise server 15 SP6
1.8.0.412-150000.3.91.1
fixed
suse enterprise server 15 SP7
1.8.0.442-150000.3.103.2
fixed
java-1_8_0-openjdk-demo
suse enterprise sap 12 SP1
1.8.0.72-3.2
fixed
suse enterprise sap 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise sap 15
1.8.0.161-1.52
fixed
suse enterprise sap 15 SP1
1.8.0.201-3.16.1
fixed
suse enterprise sap 15 SP2
1.8.0.242-3.30.2
fixed
suse enterprise sap 15 SP3
1.8.0.282-3.48.1
fixed
suse enterprise sap 15 SP4
1.8.0.322-3.64.2
fixed
suse enterprise sap 15 SP5
1.8.0.362-150000.3.76.1
fixed
suse enterprise sap 15 SP6
1.8.0.412-150000.3.91.1
fixed
suse enterprise sap 15 SP7
1.8.0.442-150000.3.103.2
fixed
suse enterprise server 12 SP1
1.8.0.72-3.2
fixed
suse enterprise server 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise server 15
1.8.0.161-1.52
fixed
suse enterprise server 15 SP1
1.8.0.201-3.16.1
fixed
suse enterprise server 15 SP2
1.8.0.242-3.30.2
fixed
suse enterprise server 15 SP3
1.8.0.282-3.48.1
fixed
suse enterprise server 15 SP4
1.8.0.322-3.64.2
fixed
suse enterprise server 15 SP5
1.8.0.362-150000.3.76.1
fixed
suse enterprise server 15 SP6
1.8.0.412-150000.3.91.1
fixed
suse enterprise server 15 SP7
1.8.0.442-150000.3.103.2
fixed
java-1_8_0-openjdk-devel
suse enterprise sap 12 SP1
1.8.0.72-3.2
fixed
suse enterprise sap 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise sap 15
1.8.0.161-1.52
fixed
suse enterprise sap 15 SP1
1.8.0.201-3.16.1
fixed
suse enterprise sap 15 SP2
1.8.0.242-3.30.2
fixed
suse enterprise sap 15 SP3
1.8.0.282-3.48.1
fixed
suse enterprise sap 15 SP4
1.8.0.322-3.64.2
fixed
suse enterprise sap 15 SP5
1.8.0.362-150000.3.76.1
fixed
suse enterprise sap 15 SP6
1.8.0.412-150000.3.91.1
fixed
suse enterprise sap 15 SP7
1.8.0.442-150000.3.103.2
fixed
suse enterprise server 12 SP1
1.8.0.72-3.2
fixed
suse enterprise server 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise server 15
1.8.0.161-1.52
fixed
suse enterprise server 15 SP1
1.8.0.201-3.16.1
fixed
suse enterprise server 15 SP2
1.8.0.242-3.30.2
fixed
suse enterprise server 15 SP3
1.8.0.282-3.48.1
fixed
suse enterprise server 15 SP4
1.8.0.322-3.64.2
fixed
suse enterprise server 15 SP5
1.8.0.362-150000.3.76.1
fixed
suse enterprise server 15 SP6
1.8.0.412-150000.3.91.1
fixed
suse enterprise server 15 SP7
1.8.0.442-150000.3.103.2
fixed
java-1_8_0-openjdk-headless
suse enterprise sap 12 SP1
1.8.0.72-3.2
fixed
suse enterprise sap 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise sap 15
1.8.0.161-1.52
fixed
suse enterprise sap 15 SP1
1.8.0.201-3.16.1
fixed
suse enterprise sap 15 SP2
1.8.0.242-3.30.2
fixed
suse enterprise sap 15 SP3
1.8.0.282-3.48.1
fixed
suse enterprise sap 15 SP4
1.8.0.322-3.64.2
fixed
suse enterprise sap 15 SP5
1.8.0.362-150000.3.76.1
fixed
suse enterprise sap 15 SP6
1.8.0.412-150000.3.91.1
fixed
suse enterprise sap 15 SP7
1.8.0.442-150000.3.103.2
fixed
suse enterprise server 12 SP1
1.8.0.72-3.2
fixed
suse enterprise server 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise server 15
1.8.0.161-1.52
fixed
suse enterprise server 15 SP1
1.8.0.201-3.16.1
fixed
suse enterprise server 15 SP2
1.8.0.242-3.30.2
fixed
suse enterprise server 15 SP3
1.8.0.282-3.48.1
fixed
suse enterprise server 15 SP4
1.8.0.322-3.64.2
fixed
suse enterprise server 15 SP5
1.8.0.362-150000.3.76.1
fixed
suse enterprise server 15 SP6
1.8.0.412-150000.3.91.1
fixed
suse enterprise server 15 SP7
1.8.0.442-150000.3.103.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
java-1.8.0-ibm
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-demo
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-devel
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-jdbc
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-plugin
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-ibm-src
RHEL 7
1:1.8.0.2.10-1jpp.1.el7
fixed
java-1.8.0-openjdk
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-accessibility
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-accessibility-debug
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-debug
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-demo
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-demo-debug
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-devel
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-devel-debug
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-headless
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-headless-debug
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-javadoc
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-javadoc-debug
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-src
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
java-1.8.0-openjdk-src-debug
RHEL 6
1:1.8.0.71-1.b15.el6_7
fixed
RHEL 7
1:1.8.0.71-2.b15.el7_2
fixed
References
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
http://rhn.redhat.com/errata/RHSA-2016-0049.html
http://rhn.redhat.com/errata/RHSA-2016-0050.html
http://rhn.redhat.com/errata/RHSA-2016-0055.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securitytracker.com/id/1034715
https://kc.mcafee.com/corporate/index?page=content&id=SB10148
https://security.gentoo.org/glsa/201610-08
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
http://rhn.redhat.com/errata/RHSA-2016-0049.html
http://rhn.redhat.com/errata/RHSA-2016-0050.html
http://rhn.redhat.com/errata/RHSA-2016-0055.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securitytracker.com/id/1034715
https://kc.mcafee.com/corporate/index?page=content&id=SB10148
https://security.gentoo.org/glsa/201610-08