The version of Oracle Java SE installed on the remote host is prior to 6 Update 131, 7 Update 121, or 8 Update 112 and is affected by multiple vulnerabilities :
- An unspecified flaw exists related to the Libraries subcomponent. This may allow a context-dependent attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2016-5542)
- A flaw exists in ‘share/classes/com/sun/jmx/remote/util/ClassLoaderWithRepository.java’ related to improper classloader consistency checks. This may allow a context-dependent attacker to bypass certain Java sandbox restrictions. (CVE-2016-5554)
- An unspecified flaw exists related to the 2D subcomponent. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5556)
- A flaw exists related to the AWT subcomponent. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5568)
- An unspecified flaw exists related to the hotspot subcomponent. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5573)
- A flaw exists in ‘cpu/sparc/vm/c1_LIRAssembler_sparc.cpp’ and ‘cpu/x86/vm/c1_LIRAssembler_x86.cpp’. The issue is triggered when handling calls to the ‘System.arraycopy()’ method due to missing type checks. This may allow a context-dependent attacker to bypass Java sandbox restrictions. (CVE-2016-5582)
- An unspecified flaw exists related to the Networking subcomponent. This may allow a context-dependent attacker to gain access to potentially sensitive information. No further details have been provided by the vendor. (CVE-2016-5597)