Nikolay Elenkov

**Name of the Vulnerable Software and Affected Versions** Java SE versions 6u131, 7u121, and 8u112 Java SE Embedded version 8u111 JRockit version R28.3.12 **Description** The issue is related to the Networking component of Oracle Java SE and can be exploited by an unauthenticated attacker with network access via multiple protocols. This can result in unauthorized update, insert, or delete access to some of the accessible data. The vulnerability can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component. It is also related to errors in security settings and can allow a remote attacker to obtain sensitive information. **Recommendations** For Java SE versions 6u131, 7u121, and 8u112, update to a version that contains a fix for this issue. For Java SE Embedded version 8u111, update to a version that contains a fix for this issue. For JRockit version R28.3.12, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Networking component until a patch is available. Avoid using sandboxed Java Web Start applications and sandboxed Java applets until the issue is resolved.