Oracle Corporation Information for VU#905344

HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Oracle has notified the CERT/CC that the vulnerabilities are addressed in the October 2017 Critical Patch Update, linked below.

Vendor References

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Addendum

Java SE is affected. Oracle has assigned CVE-2016-5597.

If you have feedback, comments, or additional information about this vulnerability, please send us email.