Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2016-0264

Disclosure Date: May 24, 2016 •

CVE-2016-0264 CVSS v3 Base Score: 5.6

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.6 Medium

Impact Score:

3.4

Exploitability Score:

2.2

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

Low

Integrity (I):

Low

Availability (A):

Low

Vendors

ibm,
redhat,
suse

Products

enterprise linux desktop 5.0,
enterprise linux desktop 6.0,
enterprise linux desktop 7.0,
enterprise linux hpc node supplementary 6.0,
enterprise linux hpc node supplementary 7.0,
enterprise linux server 5.0,
enterprise linux server 6.0,
enterprise linux server 7.0,
enterprise linux server eus 6.7,
enterprise linux server eus 7.2,
enterprise linux server eus 7.3,
enterprise linux server eus 7.4,
enterprise linux server eus 7.5,
enterprise linux workstation 5.0,
enterprise linux workstation 6.0,
enterprise linux workstation 7.0,
java sdk,
linux enterprise server 10,
linux enterprise server 11,
linux enterprise server 12,
linux enterprise software development kit 11,
linux enterprise software development kit 12,
manager 2.1,
manager proxy 2.1,
openstack cloud 5,
satellite 5.6,
satellite 5.7,
suse linux enterprise server 12

References

Canonical

CVE-2016-0264 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0264)

Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21980826

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

http://rhn.redhat.com/errata/RHSA-2016-1039.html

http://rhn.redhat.com/errata/RHSA-2016-0701.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

https://access.redhat.com/errata/RHSA-2016:1430

http://rhn.redhat.com/errata/RHSA-2016-0708.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

IV84035 (http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035)

http://rhn.redhat.com/errata/RHSA-2016-0716.html

SECTRACK-1035953 (http://www.securitytracker.com/id/1035953)

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

http://rhn.redhat.com/errata/RHSA-2016-0702.html

https://access.redhat.com/errata/RHSA-2017:1216

Rapid7

Technical Analysis