CVE-2016-0402

{"id": "CVE-2016-0402", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2016-01-21T02:59:14.050", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.debian.org/security/2016/dsa-3458", "source": "secalert_us@oracle.com"}, {"url": "http://www.debian.org/security/2016/dsa-3465", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/81096", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1034715", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "http://www.ubuntu.com/usn/USN-2884-1", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.ubuntu.com/usn/USN-2885-1", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1430", "source": "secalert_us@oracle.com"}, {"url": "https://security.gentoo.org/glsa/201603-14", "source": "secalert_us@oracle.com"}, {"url": "https://security.gentoo.org/glsa/201610-08", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking."}, {"lang": "es", "value": "Vulnerabilidad no especificada en los componentes Java SE y Java SE Embedded en Oracle Java SE 6u105, 7u91 y 8u66 y Java SE Embedded 8u65 permite a atacantes remotos afectar a la integridad a trav\u00e9s de vectores desconocidos relacionados con Networking."}], "lastModified": "2022-05-13T14:57:21.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0AD78A5-E3C8-4CF1-967C-7F934F9DAFE3"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B0EF44A-833C-4B9D-824A-5E0FFFBA8340"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6C77242-C6FB-4BED-BA51-E9477D64E311"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB263D7-6718-4BE2-8423-B25FD727915E"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB1CAC76-2414-43D0-917D-5C1E60438178"}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1475C6EC-E2F6-4881-A89E-FB75C1AD1F20"}], "operator": "OR"}]}], "evaluatorComment": "Per Oracle: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.", "sourceIdentifier": "secalert_us@oracle.com"}