{
  "threat_severity" : "Moderate",
  "public_date" : "2016-10-18T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)",
    "id" : "1386103",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1386103"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-319",
  "details" : [ "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.", "A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if the proxy asked for authentication." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2089",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2090",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2088",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el6_8"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2089",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el6_8"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2090",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el6_8"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2088",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.111-1jpp.4.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2089",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.121-1jpp.1.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-20T00:00:00Z",
    "advisory" : "RHSA-2016:2090",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.131-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2658",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2017-01-13T00:00:00Z",
    "advisory" : "RHSA-2017:0061",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2138",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.9.60-1jpp.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5 Supplementary",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2659",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-19T00:00:00Z",
    "advisory" : "RHSA-2016:2079",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.111-0.b15.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2658",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2017-01-13T00:00:00Z",
    "advisory" : "RHSA-2017:0061",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2136",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2137",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2659",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.16.35-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-19T00:00:00Z",
    "advisory" : "RHSA-2016:2079",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.111-1.b15.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-07T00:00:00Z",
    "advisory" : "RHSA-2016:2658",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.121-2.6.8.0.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-01-13T00:00:00Z",
    "advisory" : "RHSA-2017:0061",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.41-1.13.13.1.el7_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2136",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.8.0-ibm-1:1.8.0.3.20-1jpp.1.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2016-11-02T00:00:00Z",
    "advisory" : "RHSA-2016:2137",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.3.60-1jpp.1.el7_2"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2017-05-09T00:00:00Z",
    "advisory" : "RHSA-2017:1216",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el6",
    "package" : "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-05-09T00:00:00Z",
    "advisory" : "RHSA-2017:1216",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "java-1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-5597\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5597\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA" ],
  "name" : "CVE-2016-5597",
  "csaw" : false
}