Oracle Corporation Information for VU#905344
HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected
- Vendor Information Help Date Notified: 17 Jun 2016
- Statement Date:
- Date Updated: 21 Oct 2016
No statement is currently available from the vendor regarding this vulnerability.
Oracle has notified the CERT/CC that the vulnerabilities are addressed in the October 2017 Critical Patch Update, linked below.
Java SE is affected. Oracle has assigned CVE-2016-5597.