CVE-2016-3610

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.

References

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html

http://rhn.redhat.com/errata/RHSA-2016-1504.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.securityfocus.com/bid/91787

http://www.securityfocus.com/bid/91930

http://www.securitytracker.com/id/1036365

http://www.ubuntu.com/usn/USN-3043-1

http://www.ubuntu.com/usn/USN-3062-1

https://access.redhat.com/errata/RHSA-2016:1458

https://access.redhat.com/errata/RHSA-2016:1475

https://security.gentoo.org/glsa/201610-08

https://security.gentoo.org/glsa/201701-43

https://security.netapp.com/advisory/ntap-20160721-0001/

Details

Source: MITRE

Published: 2016-07-21

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2.8

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
127348NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111)NessusNewStart CGSL Local Security Checks
critical
99795EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1032)NessusHuawei Local Security Checks
critical
96640GLSA-201701-43 : IcedTea: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
94085GLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
93281SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2012-1)NessusSuSE Local Security Checks
critical
93272SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)NessusSuSE Local Security Checks
critical
92999Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3062-1)NessusUbuntu Local Security Checks
critical
92992openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)NessusSuSE Local Security Checks
critical
92979openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-978)NessusSuSE Local Security Checks
critical
92978openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)NessusSuSE Local Security Checks
critical
92932openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)NessusSuSE Local Security Checks
critical
9449Oracle Java SE 6 < Update 121 / 7 < Update 111 / 8 < Update 102 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
92774openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)NessusSuSE Local Security Checks
critical
92664Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-729)NessusAmazon Linux Local Security Checks
critical
92605Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20160727)NessusScientific Linux Local Security Checks
critical
92604RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:1504)NessusRed Hat Local Security Checks
critical
92599Oracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2016-1504)NessusOracle Linux Local Security Checks
critical
92586CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:1504)NessusCentOS Local Security Checks
critical
92584Ubuntu 16.04 LTS : openjdk-8 vulnerabilities (USN-3043-1)NessusUbuntu Local Security Checks
critical
92517Oracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix)NessusMisc.
critical
92516Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)NessusWindows
critical
92508RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:1475)NessusRed Hat Local Security Checks
critical
92491Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20160720)NessusScientific Linux Local Security Checks
critical
92490RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:1458)NessusRed Hat Local Security Checks
critical
92489Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-1458)NessusOracle Linux Local Security Checks
critical
92473CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:1458)NessusCentOS Local Security Checks
critical
92470Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-723)NessusAmazon Linux Local Security Checks
critical