CVE-2016-5537

NameCVE-2016-5537
DescriptionUnspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)
Debian Bugs852029

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
netbeans (PTS)wheezy7.0.1+dfsg1-5vulnerable
stretch8.1+dfsg3-2vulnerable
buster, sid8.1+dfsg3-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
netbeanssource(unstable)(unfixed)medium852029
netbeanssourceexperimental8.2+dfsg1-1medium

Notes

[stretch] - netbeans <no-dsa> (No details about affected code, backport of Netbeans 8.2 too intrusive)
[wheezy] - netbeans <no-dsa> (No details about affected code, backport of Netbeans 8.2 too intrusive)

Search for package or bug name: Reporting problems