Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."
Remediation
References
Related Vulnerabilities
WordPress Plugin Soundy Background Music Cross-Site Scripting (3.9)
WordPress Plugin LB Mixed Slideshow 'upload.php' Arbitrary File Upload (1.0)
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000355)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6661)
IBM RTC Improper Input Validation Vulnerability (CVE-2015-1928)