CVE-2016-5542
Public on 2016-10-25
Modified on 2017-06-06
Description
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | java-1.6.0-openjdk | 2017-02-06 | ALAS-2017-795 | Fixed |
| HAQM Linux 1 | java-1.7.0-openjdk | 2016-11-18 | ALAS-2016-771 | Fixed |
| HAQM Linux 1 | java-1.7.0-openjdk | 2017-06-06 | ALAS-2017-835 | Fixed |
| HAQM Linux 1 | java-1.8.0-openjdk | 2016-10-27 | ALAS-2016-759 | Fixed |
| HAQM Linux 1 | java-1.8.0-openjdk | 2017-05-09 | ALAS-2017-827 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv2 | 2.6 | AV:N/AC:H/Au:N/C:N/I:P/A:N |
| HAQM Linux | CVSSv3 | 3.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N |
| NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| NVD | CVSSv3 | 3.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N |