{
  "threat_severity" : "Moderate",
  "public_date" : "2016-01-19T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)",
    "id" : "1299385",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1299385"
  },
  "cvss" : {
    "cvss_base_score" : "5.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "details" : [ "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.", "It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit processing limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0056",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0057",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.111-1jpp.3.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0055",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0056",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0057",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.111-1jpp.3.el6_7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0055",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0056",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.95-1jpp.2.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0057",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.111-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0054",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.95-2.6.4.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-01-26T00:00:00Z",
    "advisory" : "RHSA-2016:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2016-02-02T00:00:00Z",
    "advisory" : "RHSA-2016:0100",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2016-02-02T00:00:00Z",
    "advisory" : "RHSA-2016:0101",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-01-20T00:00:00Z",
    "advisory" : "RHSA-2016:0050",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.71-1.b15.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0053",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-01-26T00:00:00Z",
    "advisory" : "RHSA-2016:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-02-02T00:00:00Z",
    "advisory" : "RHSA-2016:0099",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-02-02T00:00:00Z",
    "advisory" : "RHSA-2016:0101",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-01-20T00:00:00Z",
    "advisory" : "RHSA-2016:0049",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.71-2.b15.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-01-21T00:00:00Z",
    "advisory" : "RHSA-2016:0054",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-01-26T00:00:00Z",
    "advisory" : "RHSA-2016:0067",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2016-02-02T00:00:00Z",
    "advisory" : "RHSA-2016:0098",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.8.0-ibm-1:1.8.0.2.10-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2016-02-02T00:00:00Z",
    "advisory" : "RHSA-2016:0099",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2016-07-18T00:00:00Z",
    "advisory" : "RHSA-2016:1430",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2016-07-18T00:00:00Z",
    "advisory" : "RHSA-2016:1430",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2016-07-18T00:00:00Z",
    "advisory" : "RHSA-2016:1430",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "spacewalk-java-0:2.0.2-109.el5sat"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2016-07-18T00:00:00Z",
    "advisory" : "RHSA-2016:1430",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2016-07-18T00:00:00Z",
    "advisory" : "RHSA-2016:1430",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "spacewalk-java-0:2.3.8-146.el6sat"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-0466\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0466\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA" ],
  "name" : "CVE-2016-0466",
  "csaw" : false
}