{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-18T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-29T11:06:36", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "DSA-3707", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3707"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"}, {"name": "93623", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93623"}, {"name": "RHSA-2016:2079", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"}, {"name": "USN-3130-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3130-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"name": "GLSA-201701-43", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-43"}, {"name": "RHSA-2016:2090", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"}, {"name": "GLSA-201611-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201611-04"}, {"name": "RHSA-2017:0061", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"}, {"name": "USN-3154-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3154-1"}, {"name": "RHSA-2016:2089", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"}, {"name": "1037040", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037040"}, {"name": "RHSA-2016:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"}, {"name": "RHSA-2016:2658", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"}, {"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-5582", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3707", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3707"}, {"name": "https://security.netapp.com/advisory/ntap-20161019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"}, {"name": "93623", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93623"}, {"name": "RHSA-2016:2079", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"}, {"name": "USN-3130-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3130-1"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"name": "GLSA-201701-43", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-43"}, {"name": "RHSA-2016:2090", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"}, {"name": "GLSA-201611-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201611-04"}, {"name": "RHSA-2017:0061", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"}, {"name": "USN-3154-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3154-1"}, {"name": "RHSA-2016:2089", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"}, {"name": "1037040", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037040"}, {"name": "RHSA-2016:2088", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"}, {"name": "RHSA-2016:2658", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"}, {"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:07:59.294Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3707", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3707"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"}, {"name": "93623", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93623"}, {"name": "RHSA-2016:2079", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"}, {"name": "USN-3130-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3130-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"name": "GLSA-201701-43", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-43"}, {"name": "RHSA-2016:2090", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"}, {"name": "GLSA-201611-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201611-04"}, {"name": "RHSA-2017:0061", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"}, {"name": "USN-3154-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3154-1"}, {"name": "RHSA-2016:2089", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"}, {"name": "1037040", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037040"}, {"name": "RHSA-2016:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"}, {"name": "RHSA-2016:2658", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"}, {"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-5582", "datePublished": "2016-10-25T14:00:00", "dateReserved": "2016-06-16T00:00:00", "dateUpdated": "2024-08-06T01:07:59.294Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update121:*:*:*:*:*:*", "matchCriteriaId": "9826B0F3-7779-40EC-8D5D-E669134C3312", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update111:*:*:*:*:*:*", "matchCriteriaId": "D0A1EF24-7948-4955-A483-8E00AEB68A0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update101:*:*:*:*:*:*", "matchCriteriaId": "C9588F7C-EE24-453D-99D7-84FB11207DFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update102:*:*:*:*:*:*", "matchCriteriaId": "3B727704-A1A0-4F33-AAC4-07AEB6AB1AC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update121:*:*:*:*:*:*", "matchCriteriaId": "8BAD1C7E-CCB1-4F51-9358-C29924A7B6CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update111:*:*:*:*:*:*", "matchCriteriaId": "0AE2B217-FA10-46A8-AC49-DA15DEBBC60A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update101:*:*:*:*:*:*", "matchCriteriaId": "F1246E67-A8B0-46BE-9E28-1C115A138CB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update102:*:*:*:*:*:*", "matchCriteriaId": "A5D6EFE3-7D48-4A0C-98B5-41624C988DBB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Java SE 6u121, 7u111, 8u102 y Java SE Embedded 8u101 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores relacionados con Hotspot, una vulnerabilidad diferente a CVE-2016-5573."}], "id": "CVE-2016-5582", "lastModified": "2023-11-07T02:33:43.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-25T14:30:52.527", "references": [{"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.debian.org/security/2016/dsa-3707"}, {"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/93623"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1037040"}, {"source": "secalert_us@oracle.com", "url": "http://www.ubuntu.com/usn/USN-3130-1"}, {"source": "secalert_us@oracle.com", "url": "http://www.ubuntu.com/usn/USN-3154-1"}, {"source": "secalert_us@oracle.com", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201611-04"}, {"source": "secalert_us@oracle.com", "url": "https://security.gentoo.org/glsa/201701-43"}, {"source": "secalert_us@oracle.com", "url": "https://security.netapp.com/advisory/ntap-20161019-0001/"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2089", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2016-10-20T00:00:00Z"}, {"advisory": "RHSA-2016:2090", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:5", "package": "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el5_11", "product_name": "Oracle Java for Red Hat Enterprise Linux 5", "release_date": "2016-10-20T00:00:00Z"}, {"advisory": "RHSA-2016:2088", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el6_8", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2016-10-20T00:00:00Z"}, {"advisory": "RHSA-2016:2089", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el6_8", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2016-10-20T00:00:00Z"}, {"advisory": "RHSA-2016:2090", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:6", "package": "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el6_8", "product_name": "Oracle Java for Red Hat Enterprise Linux 6", "release_date": "2016-10-20T00:00:00Z"}, {"advisory": "RHSA-2016:2088", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2016-10-20T00:00:00Z"}, {"advisory": "RHSA-2016:2089", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2016-10-20T00:00:00Z"}, {"advisory": "RHSA-2016:2090", "cpe": "cpe:/a:redhat:rhel_extras_oracle_java:7", "package": "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el7", "product_name": "Oracle Java for Red Hat Enterprise Linux 7", "release_date": "2016-10-20T00:00:00Z"}, {"advisory": "RHSA-2016:2658", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-11-07T00:00:00Z"}, {"advisory": "RHSA-2017:0061", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2017-01-13T00:00:00Z"}, {"advisory": "RHSA-2016:2079", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.8.0-openjdk-1:1.8.0.111-0.b15.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-10-19T00:00:00Z"}, {"advisory": "RHSA-2016:2658", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-11-07T00:00:00Z"}, {"advisory": "RHSA-2017:0061", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-01-13T00:00:00Z"}, {"advisory": "RHSA-2016:2079", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.8.0-openjdk-1:1.8.0.111-1.b15.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-10-19T00:00:00Z"}, {"advisory": "RHSA-2016:2658", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.0.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-07T00:00:00Z"}, {"advisory": "RHSA-2017:0061", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-01-13T00:00:00Z"}], "bugzilla": {"description": "OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)", "id": "1385402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385402"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-843", "details": ["Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.", "It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions."], "name": "CVE-2016-5582", "public_date": "2016-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-5582\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5582\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"], "threat_severity": "Critical"}