You are here

Oracle CPU April 2016 - Java (WAF)

IDs: 
CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426, CVE-2016-3425, CVE-2016-3427, CVE-20 16-0695
Keywords: 
cpu, java
Description: 

The Oracle Critical Patch Update for April 2016 includes updates for several Oracle products including Java SE [1].

Airlock WAF is not affected

Details:

  • CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426:
    Affect client deployments only (untrusted code).
  • CVE-2016-3425 Affects the component JAXP. Airlock WAF is using JAXP for XML configuration parsing and is not affected because configuration files are only accepted from trusted sources.
  • CVE-2016-3427 Affected component JMX is not used by Airlock WAF.
  • CVE-2016-0695 Affects DSA (Digital Signature Algorithm) usage with an improper Keysize. Airlock WAF is using the correct Keysize for all DSA applications and is therefore not affected.
Resolution: 

no action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock