CVE-2016-5537

NameCVE-2016-5537
DescriptionUnspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs852029

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
netbeans (PTS)stretch8.1+dfsg3-2vulnerable
sid, bullseye, trixie, bookworm12.1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
netbeanssourceexperimental8.2+dfsg1-1
netbeanssource(unstable)10.0-1852029

Notes

[stretch] - netbeans <ignored> (No details about affected code, backport of Netbeans 8.2 too intrusive)
[wheezy] - netbeans <ignored> (No details about affected code, backport of Netbeans 8.2 too intrusive)

Search for package or bug name: Reporting problems