CVSS3: 5.9 Medium (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

EPSS: 0.006 Low (Percentile: 78.1%)

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java
SE Embedded 8u101 allows remote attackers to affect confidentiality via
vectors related to Networking.
Author | Note |
---|---|
sbeattie | from the upstream release notes: In some environments, certain authentication schemes may be undesirable when proxying HTTPS. Accordingly, the Basic authentication scheme has been deactivated, by default, in the Oracle Java Runtime, by adding Basic to the jdk.http.auth.tunneling.disabledSchemes networking property. Now, proxies requiring Basic authentication when setting up a tunnel for HTTPS will no longer succeed by default. If required, this authentication scheme can be reactivated by removing Basic from the jdk.http.auth.tunneling.disabledSchemes networking property, or by setting a system property of the same name to “” (empty) on the command line. Additionally, the jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes networking properties, and system properties of the same name, can be used to disable other authentication schemes that may be active when setting up a tunnel for HTTPS, or proxying plain HTTP, respectively. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | openjdk-6 | < 6b40-1.13.12-0ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 14.04 | noarch | openjdk-6 | < 6b40-1.13.12-0ubuntu0.14.04.3 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-7 | < 7u121-2.6.8-1ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | openjdk-7 | < 7u121-2.6.8-1ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | openjdk-8 | < 8u111-b14-2ubuntu0.16.04.2 | UNKNOWN |
ubuntu | 16.10 | noarch | openjdk-8 | < 8u111-b14-2ubuntu0.16.10.2 | UNKNOWN |
hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/d689f7b806c8
www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA
launchpad.net/bugs/cve/CVE-2016-5597
nvd.nist.gov/vuln/detail/CVE-2016-5597
security-tracker.debian.org/tracker/CVE-2016-5597
ubuntu.com/security/notices/USN-3121-1
ubuntu.com/security/notices/USN-3130-1
ubuntu.com/security/notices/USN-3154-1
www.cve.org/CVERecord?id=CVE-2016-5597