You are here

Home › Oracle CPU January 2016 - Java

Oracle CPU January 2016 - Java

Submitted on 21. January 2016 - 13:50 by rischi.
Last update on 21. January 2016 - 17:33.
IDs: 
CVE-2016-0728, CVE-2016-0494, CVE-2015-8126, CVE-2016-0402, CVE-2016-0448, CVE-2016-0483, CVE-2016-0466, CVE-2015-7575
Keywords: 
Java, JAXP, SLOTH
Description: 

The Oracle Critical Patch Update for Januar 2016 includes updates for several Oracle products including Java SE [1].

Airlock WAF is not affected

Details:

  • CVE-2016-0494, CVE-2015-8126, CVE-2016-0402, CVE-2016-0448: Affects client deployments only
  • CVE-2016-0483:  Affects the component AWT which is not used by Airlock WAF
  • CVE-2015-7575 (SLOTH):  Affects MD5 hashes which are not used by Airlock WAF.
  • CVE-2016-0466:  Affects the component JAXP which is used in the SOAP/XML filter. The vulnerability can enable Denial of Service attacks. Airlock WAF is not affected because the affected Java property totalEntitySizeLimit is not used.
Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock
Reference: 
[1] Oracle Critical Patch Update Advisory - January 2016
© Ergon Informatik AG