PT-2016-1085 · Oracle+5 · Jaxp+10
Published
2016-01-19
·
Updated
2024-06-15
·
CVE-2016-0466
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Java SE versions 6u105, 7u91, and 8u66
Java SE Embedded version 8u65
JRockit version R28.3.8
Description
The issue is related to errors in the code of the JAXP subcomponent in Jrockit and Java Platform, allowing a remote attacker to cause partial denial of service using network packets through Java Web Start or a Java applet. The vulnerability affects availability via vectors related to JAXP.
Recommendations
For Java SE versions 6u105, 7u91, and 8u66, update to a version that includes the fix for this issue.
For Java SE Embedded version 8u65, update to a version that includes the fix for this issue.
For JRockit version R28.3.8, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of the JAXP subcomponent until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Ibm Aix
Jaxp
Jrockit
Java Platform
Java Se
Java Se Embedded
Java Web Start
Red Hat
Suse
Ubuntu