CVE-2016-3449
Published: 21 April 2016
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
From the Ubuntu Security Team
A vulnerability was discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.
Notes
| Author | Note |
|---|---|
| sbeattie | java deployment, does not affect openjdk as packaged |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openjdk-6 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(deployment)
|
| trusty |
Does not exist
(trusty was not-affected [deployment])
|
|
| upstream |
Needs triage
|
|
| wily |
Not vulnerable
(deployment)
|
|
| xenial |
Does not exist
|
|
|
openjdk-7 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(deployment)
|
| trusty |
Does not exist
(trusty was not-affected [deployment])
|
|
| upstream |
Needs triage
|
|
| wily |
Not vulnerable
(deployment)
|
|
| xenial |
Does not exist
|
|
|
openjdk-8 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| wily |
Not vulnerable
(deployment)
|
|
| xenial |
Not vulnerable
(deployment)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.3 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |