Do Common Vulnerabilities and Exposures (CVEs) Affect Only the Versions of Java Listed in the Critical Patch Update (CPU) Advisory? (Doc ID 2101185.1)

Last updated on JUNE 03, 2017

Applies to:

Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.

Goal

For CVE-2016-0483, are the versions listed in the Oracle Critical Patch Update Advisory page the only versions that are affected?  As an example, see http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html under the Oracle Java SE Risk Matrix.  For this CVE, under the column labelled "Supported Versions Affected", it lists Java SE: 6u105, 7u91 and 8u66; Java SE Embedded: 8u65; and JRockit: R28.3.8.

Are only these specific versions affected?

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms