KLA10743 Multiple vulnerabilities in Oracle Java SE

An unspecified vulnerabilities were found in Oracle Java SE. By exploiting these vulnerabilities malicious users can affect application confidentiality, integrity and availability. These vulnerabilities can be exploited remotely via an unknown vectors related to 2D, AWT, Libraries, Networking, JAXP, JMX and Security.

Original advisories

Oracle bulletin

Related products

Oracle-Java-JRE-1.7.x

Oracle-Java-JDK-1.7.x

Oracle-Java-JDK-1.8.x-3

Oracle-Java-JRE-1.8.x

CVE list

CVE-2016-0475 high

CVE-2016-0402 warning

CVE-2016-0466 warning

CVE-2016-0448 warning

CVE-2016-0494 critical

CVE-2016-0483 critical

CVE-2015-8126 critical

CVE-2015-7575 warning

Solution

Update to the latest version

Java SE downloads page

Impacts

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• LoI

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Affected Products

• Oracle Java SE 6.105, 7.91 and 8.66Oracle Java SE embedded 8.65