{
  "threat_severity" : "Moderate",
  "public_date" : "2016-10-18T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)",
    "id" : "1385714",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385714"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
    "status" : "verified"
  },
  "details" : [ "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.", "A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2089",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2090",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2088",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el6_8"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2089",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el6_8"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2090",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el6_8"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2088",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2089",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2090",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2658",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2017-01-13T00:00:00Z",
    "advisory" : "RHSA-2017:0061",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2138",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.60-1jpp.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2659",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-19T00:00:00Z",
    "advisory" : "RHSA-2016:2079",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.111-0.b15.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2658",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2017-01-13T00:00:00Z",
    "advisory" : "RHSA-2017:0061",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2136",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2137",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2659",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-19T00:00:00Z",
    "advisory" : "RHSA-2016:2079",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.111-1.b15.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2658",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.0.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-01-13T00:00:00Z",
    "advisory" : "RHSA-2017:0061",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2136",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2137",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el7_2"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2017-05-09T00:00:00Z",
    "advisory" : "RHSA-2017:1216",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el6",
    "package" : "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-05-09T00:00:00Z",
    "advisory" : "RHSA-2017:1216",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-5554\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5554\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA" ],
  "name" : "CVE-2016-5554",
  "csaw" : false
}