Oracle Corporation Information for VU#905344
HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected
No statement is currently available from the vendor regarding this vulnerability.
Oracle has notified the CERT/CC that the vulnerabilities are addressed in the October 2017 Critical Patch Update, linked below.
Java SE is affected. Oracle has assigned CVE-2016-5597.
If you have feedback, comments, or additional information about this vulnerability, please send us email.