KLA10959 An unspecified vulnerability in Oracle Java SE

An unspecified vulnerability was found in Oracle Java SE components. By exploiting this vulnerability malicious users can gain privileges and obtain sensitive information. This vulnerability can be exploited remotely by an unauthenticater attacker having network access via multiple protocols.

Technical details

Vulnerability described above is related to Libraries subcomponent of Java SE and Java SE Embedded components or Oracle Java SE.

This vulnerability is frequently applicable to Java deployments, where clients rely on the security of the Java sandbox and use sandboxed Java applets or sandboxed Java Web Start applications, which load and run untrusted code, for example, code coming from the internet.

Given vulnerability is frequently not applicable to Java deployments, where only trusted code is loaded and run on servers (for example, code provided by an administrator).

Original advisories

Oracle Critical Patch Update Advisory

Related products

Oracle-Java-JRE-1.7.x

Oracle-Java-JDK-1.7.x

Oracle-Java-JDK-1.8.x-3

Oracle-Java-JRE-1.8.x

CVE list

CVE-2016-5548 warning

Solution

Update to the latest versions

Get Java SE

Impacts

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Oracle Java SE 6u131Oracle Java SE 7u121Oracle Java SE 8u112Oracle Java SE Embedded 8u111