CVE-2016-3508

MEDIUM

Description

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.

References

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html

http://rhn.redhat.com/errata/RHSA-2016-1504.html

http://rhn.redhat.com/errata/RHSA-2016-1776.html

http://www.debian.org/security/2016/dsa-3641

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.securityfocus.com/bid/91787

http://www.securityfocus.com/bid/91972

http://www.securitytracker.com/id/1036365

http://www.ubuntu.com/usn/USN-3043-1

http://www.ubuntu.com/usn/USN-3062-1

http://www.ubuntu.com/usn/USN-3077-1

https://access.redhat.com/errata/RHSA-2016:1458

https://access.redhat.com/errata/RHSA-2016:1475

https://access.redhat.com/errata/RHSA-2016:1476

https://access.redhat.com/errata/RHSA-2016:1477

https://kc.mcafee.com/corporate/index?page=content&id=SB10166

https://security.gentoo.org/glsa/201610-08

https://security.gentoo.org/glsa/201701-43

https://security.netapp.com/advisory/ntap-20160721-0001/

Details

Source: MITRE

Published: 2016-07-21

Updated: 2019-12-27

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:jdk:1.6.0:update_115:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update_101:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update_91:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update_92:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_115:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_101:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*

cpe:2.3:a:oracle:jrockit:r28.3.10:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Tenable Plugins

View all (40 total)

ID	Name	Product	Family	Severity
127348	NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111)	Nessus	NewStart CGSL Local Security Checks	high
99795	EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1032)	Nessus	Huawei Local Security Checks	high
96640	GLSA-201701-43 : IcedTea: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
95960	F5 Networks BIG-IP : Oracle Java vulnerability (K05016441)	Nessus	F5 Networks Local Security Checks	medium
95941	F5 Networks BIG-IP : Oracle Java vulnerability (K25075696)	Nessus	F5 Networks Local Security Checks	medium
94085	GLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
93540	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2016-748)	Nessus	Amazon Linux Local Security Checks	medium
93460	Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-3077-1)	Nessus	Ubuntu Local Security Checks	medium
93281	SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2012-1)	Nessus	SuSE Local Security Checks	high
93272	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)	Nessus	SuSE Local Security Checks	high
93150	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20160826)	Nessus	Scientific Linux Local Security Checks	medium
93149	RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2016:1776)	Nessus	Red Hat Local Security Checks	medium
93147	Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2016-1776)	Nessus	Oracle Linux Local Security Checks	medium
93129	CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2016:1776)	Nessus	CentOS Local Security Checks	medium
92999	Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3062-1)	Nessus	Ubuntu Local Security Checks	high
92992	openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)	Nessus	SuSE Local Security Checks	high
92979	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-978)	Nessus	SuSE Local Security Checks	high
92978	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)	Nessus	SuSE Local Security Checks	high
92954	Debian DSA-3641-1 : openjdk-7 - security update	Nessus	Debian Local Security Checks	medium
92932	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)	Nessus	SuSE Local Security Checks	high
9449	Oracle Java SE 6 < Update 121 / 7 < Update 111 / 8 < Update 102 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
92774	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)	Nessus	SuSE Local Security Checks	high
92763	Debian DLA-579-1 : openjdk-7 security update	Nessus	Debian Local Security Checks	medium
92664	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-729)	Nessus	Amazon Linux Local Security Checks	high
92605	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20160727)	Nessus	Scientific Linux Local Security Checks	high
92604	RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:1504)	Nessus	Red Hat Local Security Checks	high
92599	Oracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2016-1504)	Nessus	Oracle Linux Local Security Checks	high
92586	CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:1504)	Nessus	CentOS Local Security Checks	high
92584	Ubuntu 16.04 LTS : openjdk-8 vulnerabilities (USN-3043-1)	Nessus	Ubuntu Local Security Checks	high
92517	Oracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix)	Nessus	Misc.	high
92516	Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)	Nessus	Windows	high
92510	RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:1477)	Nessus	Red Hat Local Security Checks	medium
92509	RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:1476)	Nessus	Red Hat Local Security Checks	medium
92508	RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:1475)	Nessus	Red Hat Local Security Checks	high
92492	Oracle JRockit R28.3.10 Multiple Vulnerabilities (July 2016 CPU)	Nessus	Windows	low
92491	Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20160720)	Nessus	Scientific Linux Local Security Checks	high
92490	RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:1458)	Nessus	Red Hat Local Security Checks	high
92489	Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-1458)	Nessus	Oracle Linux Local Security Checks	high
92473	CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:1458)	Nessus	CentOS Local Security Checks	high
92470	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-723)	Nessus	Amazon Linux Local Security Checks	high