JVNDB-2016-003937

JVNDB-2016-003937
Oracle Java SE �ｽ�ｽ�ｽ�ｽ�ｽ Java SE Embedded �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽ Libraries �ｽﾉ関ゑｿｽ�ｽ�ｽﾆ弱性
�ｽT�ｽv
Oracle Java SE �ｽ�ｽ�ｽ�ｽ�ｽ Java SE Embedded �ｽﾉは、Libraries �ｽﾉ関ゑｿｽ�ｽ髀茨ｿｽ�ｽ�ｽﾉ不�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ驍ｽ�ｽﾟ、�ｽ@�ｽ�ｽ�ｽ�ｽ�ｽA�ｽ�ｽ�ｽS�ｽ�ｽ�ｽA�ｽ�ｽ�ｽ�ｽﾑ可用�ｽ�ｽ�ｽﾉ影�ｽ�ｽ�ｽﾌゑｿｽ�ｽ�ｽﾆ弱性�ｽ�ｽ�ｽ�ｽ�ｽﾝゑｿｽ�ｽﾜゑｿｽ�ｽB �ｽ{�ｽﾆ弱性�ｽﾍ、CVE-2016-3610 �ｽﾆは異なゑｿｽﾆ弱性�ｽﾅゑｿｽ�ｽB
CVSS �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx (CVSS �ｽﾆゑｿｽ?)
CVSS v3 �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx �ｽ�ｽ{�ｽl: 9.6 (�ｽﾙ急) [NVD�ｽl] �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ謨ｪ: �ｽl�ｽb�ｽg�ｽ�ｽ�ｽ[�ｽN �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ包ｿｽ�ｽG�ｽ�ｽ: �ｽ�ｽ �ｽU�ｽ�ｽ�ｽﾉ必�ｽv�ｽﾈ難ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽx�ｽ�ｽ: �ｽs�ｽv �ｽ�ｽ�ｽp�ｽﾒの関与: �ｽv �ｽe�ｽ�ｽ�ｽﾌ想�ｽ�ｽﾍ茨ｿｽ: �ｽﾏ更�ｽ�ｽ�ｽ�ｽ �ｽ@�ｽ�ｽ�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(C): �ｽ�ｽ �ｽ�ｽ�ｽS�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(I): �ｽ�ｽ �ｽﾂ用�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(A): �ｽ�ｽ CVSS v2 �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx �ｽ�ｽ{�ｽl: 9.3 (�ｽ�ｯ) [NVD�ｽl] �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ謨ｪ: �ｽl�ｽb�ｽg�ｽ�ｽ�ｽ[�ｽN �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ包ｿｽ�ｽG�ｽ�ｽ: �ｽ�ｽ �ｽU�ｽ�ｽ�ｽO�ｽﾌ認�ｽﾘ要�ｽ�ｽ: �ｽs�ｽv �ｽ@�ｽ�ｽ�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(C): �ｽS�ｽﾊ的 �ｽ�ｽ�ｽS�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(I): �ｽS�ｽﾊ的 �ｽﾂ用�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(A): �ｽS�ｽﾊ的
�ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ

�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ JDK 8 Update 92 JRE 8 Update 92 Oracle Java SE Embedded 8 Update 91 Oracle Linux �ｽ�ｽ�ｽ�ｽ Cosminexus Developer's Kit for Java(TM) Cosminexus XML Processor Hitachi Application Server Hitachi Application Server for Developers Hitachi Developer's Kit for Java uCosminexus Application Server uCosminexus Application Server (64) uCosminexus Application Server -R uCosminexus Application Server Express uCosminexus Application Server Light uCosminexus Application Server Standard-R uCosminexus Application Server Enterprise uCosminexus Application Server Smart Edition uCosminexus Application Server Standard uCosminexus Client uCosminexus Client for Plug-in uCosminexus Developer uCosminexus Developer 01 uCosminexus Developer Professional uCosminexus Developer Professional for Plug-in uCosminexus Developer Light uCosminexus Developer Standard uCosminexus Operator uCosminexus Primary Server Base uCosminexus Server Standard-R uCosminexus Service Architect uCosminexus Service Platform uCosminexus Service Platform (64) uCosminexus Service Platform - Messaging
�ｽ{�ｽﾆ弱性�ｽﾌ影�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽi�ｽﾌ詳細につゑｿｽ�ｽﾄは、�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ HS16-019 �ｽ�ｽ�ｽ�ｽ�ｽm�ｽF�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽz�ｽ閧ｳ�ｽ�ｽ�ｽe�ｽ�ｽ
�ｽ�ｽO�ｽﾒにゑｿｽ�ｽA�ｽ�ｽ�ｽ�ｽ�ｽ謫ｾ�ｽ�ｽ�ｽ�ｽ�ｽA�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽｳゑｿｽ�ｽA�ｽ�ｽ�ｽ�ｽﾑサ�ｽ[�ｽr�ｽX�ｽ^�ｽp�ｽW�ｽQ (DoS) �ｽU�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽﾂ能�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾜゑｿｽ�ｽB
�ｽﾎ搾ｿｽ
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ關ｳ�ｽ�ｽ�ｽﾈ対策が鯉ｿｽ�ｽJ�ｽ�ｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽB�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ�ｽ�ｽQ�ｽﾆゑｿｽ�ｽﾄ適�ｽﾘな対搾ｿｽ�ｽ�ｽ�ｽ�ｽ{�ｽ�ｽ�ｽﾄゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ
�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ Oracle Critical Patch Update : Oracle Critical Patch Update Advisory - July 2016 Oracle Critical Patch Update : Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices Oracle Technology Network : Oracle Linux Bulletin - July 2016 SECURITY BLOG : July 2016 Critical Patch Update Released �ｽ�ｽ�ｽ�ｽ Hitachi Software Vulnerability Information : HS16-019 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : HS16-019 �ｽx�ｽm�ｽ�ｽ �ｽx�ｽm�ｽ�ｽ �ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : Oracle Corporation Java�ｽv�ｽ�ｽ�ｽO�ｽC�ｽ�ｽ�ｽﾌ脆弱性�ｽﾉ関ゑｿｽ�ｽ驍ｨ�ｽm�ｽ轤ｹ
CWE�ｽﾉゑｿｽ�ｽﾆ弱性�ｽ^�ｽC�ｽv�ｽ齬� CWE�ｽﾆゑｿｽ?
�ｽ�ｽ�ｽs�ｽ�ｽ(CWE-noinfo) [NVD�ｽ]�ｽ�ｽ]
�ｽ�ｽ�ｽﾊ脆弱性�ｽ�ｽ�ｽﾊ子(CVE) CVE�ｽﾆゑｿｽ?
CVE-2016-3598
�ｽQ�ｽl�ｽ�ｽ�ｽ
National Vulnerability Database (NVD) : CVE-2016-3598 IPA �ｽd�ｽv�ｽﾈセ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : Oracle Java �ｽﾌ脆弱性�ｽﾎ搾ｿｽﾉつゑｿｽ�ｽ�ｽ(CVE-2016-3587�ｽ�ｽ) JPCERT �ｽ�ｽ�ｽﾓ奇ｿｽ�ｽN : JPCERT-AT-2016-0032
�ｽX�ｽV�ｽ�ｽ�ｽ�ｽ
[2016�ｽN07�ｽ�ｽ27�ｽ�ｽ] �ｽf�ｽ�ｽ [2016�ｽN08�ｽ�ｽ02�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ�ｽ (HS16-019) �ｽ�ｽﾇ会ｿｽ [2016�ｽN12�ｽ�ｽ06�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ (Oracle Linux Bulletin - July 2016) �ｽ�ｽﾇ会ｿｽ


�ｽ�ｽ�ｽ\�ｽ�ｽ	2016/07/19
�ｽo�ｽ^�ｽ�ｽ	2016/07/27
�ｽﾅ終�ｽX�ｽV�ｽ�ｽ	2016/12/06

Oracle Java SE �ｽ�ｽ�ｽ�ｽ�ｽ Java SE Embedded �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽ Libraries �ｽﾉ関ゑｿｽ�ｽ�ｽﾆ弱性