Oracle Java SE 6 < Update 131 / 7 < Update 121 / 8 < Update 112 Multiple Vulnerabilities

The version of Oracle Java SE installed on the remote host is prior to 6 Update 131, 7 Update 121, or 8 Update 112 and is affected by multiple vulnerabilities :

• An unspecified flaw exists related to the Libraries subcomponent. This may allow a context-dependent attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2016-5542)
• A flaw exists in ‘share/classes/com/sun/jmx/remote/util/ClassLoaderWithRepository.java’ related to improper classloader consistency checks. This may allow a context-dependent attacker to bypass certain Java sandbox restrictions. (CVE-2016-5554)
• An unspecified flaw exists related to the 2D subcomponent. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5556)
• A flaw exists related to the AWT subcomponent. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5568)
• An unspecified flaw exists related to the hotspot subcomponent. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5573)
• A flaw exists in ‘cpu/sparc/vm/c1_LIRAssembler_sparc.cpp’ and ‘cpu/x86/vm/c1_LIRAssembler_x86.cpp’. The issue is triggered when handling calls to the ‘System.arraycopy()’ method due to missing type checks. This may allow a context-dependent attacker to bypass Java sandbox restrictions. (CVE-2016-5582)
• An unspecified flaw exists related to the Networking subcomponent. This may allow a context-dependent attacker to gain access to potentially sensitive information. No further details have been provided by the vendor. (CVE-2016-5597)