CVE-2016-3458
Published: 21 July 2016
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.
From the Ubuntu Security Team
A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
icedtea-web Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
openjdk-6 Launchpad, Ubuntu, Debian |
precise |
Released
(6b40-1.13.12-0ubuntu0.12.04.1)
|
trusty |
Released
(6b40-1.13.12-0ubuntu0.14.04.2)
|
|
upstream |
Needs triage
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
openjdk-7 Launchpad, Ubuntu, Debian |
precise |
Released
(7u111-2.6.7-0ubuntu0.12.04.2)
|
trusty |
Released
(7u111-2.6.7-0ubuntu0.14.04.3)
|
|
upstream |
Needs triage
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
openjdk-8 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
wily |
Released
(8u91-b14-3ubuntu1~15.10.1)
|
|
xenial |
Released
(8u91-b14-3ubuntu1~16.04.1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |