CVE-2016-3508

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.

References

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html

http://rhn.redhat.com/errata/RHSA-2016-1504.html

http://rhn.redhat.com/errata/RHSA-2016-1776.html

http://www.debian.org/security/2016/dsa-3641

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.securityfocus.com/bid/91787

http://www.securityfocus.com/bid/91972

http://www.securitytracker.com/id/1036365

http://www.ubuntu.com/usn/USN-3043-1

http://www.ubuntu.com/usn/USN-3062-1

http://www.ubuntu.com/usn/USN-3077-1

https://access.redhat.com/errata/RHSA-2016:1458

https://access.redhat.com/errata/RHSA-2016:1475

https://access.redhat.com/errata/RHSA-2016:1476

https://access.redhat.com/errata/RHSA-2016:1477

https://kc.mcafee.com/corporate/index?page=content&id=SB10166

https://security.gentoo.org/glsa/201610-08

https://security.gentoo.org/glsa/201701-43

https://security.netapp.com/advisory/ntap-20160721-0001/

Details

Source: MITRE

Published: 2016-07-21

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.6.0:update_115:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update101:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_115:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_101:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*

cpe:2.3:a:oracle:jrockit:r28.3.10:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
127348NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111)NessusNewStart CGSL Local Security Checks
critical
99795EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1032)NessusHuawei Local Security Checks
critical
96640GLSA-201701-43 : IcedTea: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
95960F5 Networks BIG-IP : Oracle Java vulnerability (K05016441)NessusF5 Networks Local Security Checks
medium
95941F5 Networks BIG-IP : Oracle Java vulnerability (K25075696)NessusF5 Networks Local Security Checks
medium
94085GLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
93540Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2016-748)NessusAmazon Linux Local Security Checks
critical
93460Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-3077-1)NessusUbuntu Local Security Checks
critical
93281SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2012-1)NessusSuSE Local Security Checks
critical
93272SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)NessusSuSE Local Security Checks
critical
93150Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20160826)NessusScientific Linux Local Security Checks
critical
93149RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2016:1776)NessusRed Hat Local Security Checks
critical
93147Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2016-1776)NessusOracle Linux Local Security Checks
critical
93129CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2016:1776)NessusCentOS Local Security Checks
critical
92999Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3062-1)NessusUbuntu Local Security Checks
critical
92992openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)NessusSuSE Local Security Checks
critical
92979openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-978)NessusSuSE Local Security Checks
critical
92978openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)NessusSuSE Local Security Checks
critical
92954Debian DSA-3641-1 : openjdk-7 - security updateNessusDebian Local Security Checks
critical
92932openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)NessusSuSE Local Security Checks
critical
9449Oracle Java SE 6 < Update 121 / 7 < Update 111 / 8 < Update 102 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
92774openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)NessusSuSE Local Security Checks
critical
92763Debian DLA-579-1 : openjdk-7 security updateNessusDebian Local Security Checks
critical
92664Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-729)NessusAmazon Linux Local Security Checks
critical
92605Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20160727)NessusScientific Linux Local Security Checks
critical
92604RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:1504)NessusRed Hat Local Security Checks
critical
92599Oracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2016-1504)NessusOracle Linux Local Security Checks
critical
92586CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:1504)NessusCentOS Local Security Checks
critical
92584Ubuntu 16.04 LTS : openjdk-8 vulnerabilities (USN-3043-1)NessusUbuntu Local Security Checks
critical
92517Oracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix)NessusMisc.
critical
92516Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)NessusWindows
critical
92510RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:1477)NessusRed Hat Local Security Checks
high
92509RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:1476)NessusRed Hat Local Security Checks
critical
92508RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:1475)NessusRed Hat Local Security Checks
critical
92492Oracle JRockit R28.3.10 Multiple Vulnerabilities (July 2016 CPU)NessusWindows
low
92491Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20160720)NessusScientific Linux Local Security Checks
critical
92490RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:1458)NessusRed Hat Local Security Checks
critical
92489Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-1458)NessusOracle Linux Local Security Checks
critical
92473CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:1458)NessusCentOS Local Security Checks
critical
92470Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-723)NessusAmazon Linux Local Security Checks
critical