Fluid Attacks Database

Description

It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	java-1.8.0-openjdk	<1:1.8.0.71-1.b15.el6_7	1:1.8.0.71-1.b15.el6_7
rpm rhel7	java-1.8.0-openjdk	<1:1.8.0.71-2.b15.el7_2	1:1.8.0.71-2.b15.el7_2

Aliases

1. CVE-2016-04752. NVD-2016-04753. OSV-2016-0475

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.