CVE-2016-0494

{"id": "CVE-2016-0494", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2016-01-21T03:00:42.463", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0049.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0050.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0053.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0054.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0067.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.debian.org/security/2016/dsa-3458", "source": "secalert_us@oracle.com"}, {"url": "http://www.debian.org/security/2016/dsa-3465", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1034715", "source": "secalert_us@oracle.com"}, {"url": "http://www.ubuntu.com/usn/USN-2884-1", "source": "secalert_us@oracle.com"}, {"url": "http://www.ubuntu.com/usn/USN-2885-1", "source": "secalert_us@oracle.com"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1430", "source": "secalert_us@oracle.com"}, {"url": "https://security.gentoo.org/glsa/201603-14", "source": "secalert_us@oracle.com"}, {"url": "https://security.gentoo.org/glsa/201610-08", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."}, {"lang": "es", "value": "Vulnerabilidad no especificada en los componentes Java SE y Java SE Embedded en Oracle Java SE 6u105, 7u91 y 8u66 y Java SE Embedded 8u65 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores desconocidos relacionados con 2D."}], "lastModified": "2022-05-13T14:57:21.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0AD78A5-E3C8-4CF1-967C-7F934F9DAFE3"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B0EF44A-833C-4B9D-824A-5E0FFFBA8340"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6C77242-C6FB-4BED-BA51-E9477D64E311"}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB263D7-6718-4BE2-8423-B25FD727915E"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB1CAC76-2414-43D0-917D-5C1E60438178"}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1475C6EC-E2F6-4881-A89E-FB75C1AD1F20"}], "operator": "OR"}]}], "evaluatorComment": "Per Oracle: Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.", "sourceIdentifier": "secalert_us@oracle.com"}