{
  "threat_severity" : "Moderate",
  "public_date" : "2016-10-18T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)",
    "id" : "1385723",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385723"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-327",
  "details" : [ "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.", "It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify the content of a JAR file that used a weak signing key or hash algorithm." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2089",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2090",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2088",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el6_8"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2089",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el6_8"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2090",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el6_8"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2088",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2089",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2090",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2658",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2017-01-13T00:00:00Z",
    "advisory" : "RHSA-2017:0061",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2138",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.60-1jpp.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2659",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-19T00:00:00Z",
    "advisory" : "RHSA-2016:2079",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.111-0.b15.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2658",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2017-01-13T00:00:00Z",
    "advisory" : "RHSA-2017:0061",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2136",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2137",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2659",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-19T00:00:00Z",
    "advisory" : "RHSA-2016:2079",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.111-1.b15.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2658",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.0.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-01-13T00:00:00Z",
    "advisory" : "RHSA-2017:0061",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2136",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2137",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el7_2"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2017-05-09T00:00:00Z",
    "advisory" : "RHSA-2017:1216",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el6",
    "package" : "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-05-09T00:00:00Z",
    "advisory" : "RHSA-2017:1216",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-5542\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5542\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA" ],
  "name" : "CVE-2016-5542",
  "csaw" : false
}