CVE-2016-0448

Impact:
Moderate
Public Date:
2016-01-19
CWE:
CWE-532
Bugzilla:
1299073: CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)

The MITRE CVE dictionary describes this issue as:

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.

Find out more about CVE-2016-0448 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (java-1.6.0-openjdk) RHSA-2016:0067 2016-01-26
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) RHSA-2016:0049 2016-01-20
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) RHSA-2016:0054 2016-01-21
Red Hat Satellite 5.7 (RHEL v.6) (java-1.7.1-ibm) RHSA-2016:1430 2016-07-18
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) RHSA-2016:0055 2016-01-21
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) RHSA-2016:0057 2016-01-21
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) RHSA-2016:0099 2016-02-02
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2016:0101 2016-02-02
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) RHSA-2016:0067 2016-01-26
Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun) RHSA-2016:0057 2016-01-21
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle) RHSA-2016:0056 2016-01-21
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) RHSA-2016:0056 2016-01-21
Red Hat Satellite 5.6 (RHEL v.5) (java-1.7.0-ibm) RHSA-2016:1430 2016-07-18
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2016:0101 2016-02-02
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) RHSA-2016:0100 2016-02-02
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) RHSA-2016:0099 2016-02-02
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) RHSA-2016:0098 2016-02-02
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) RHSA-2016:0054 2016-01-21
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) RHSA-2016:0067 2016-01-26
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) RHSA-2016:0056 2016-01-21
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) RHSA-2016:0057 2016-01-21
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) RHSA-2016:0055 2016-01-21
Red Hat Satellite 5.6 (RHEL v.6) (java-1.7.1-ibm) RHSA-2016:1430 2016-07-18
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) RHSA-2016:0050 2016-01-20
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) RHSA-2016:0053 2016-01-21

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation