AIX Java Advisory : java_july2016_advisory.asc (July 2016 CPU)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The version of Java SDK installed on the remote AIX host is affected
by multiple vulnerabilities.

Description :

The version of Java SDK installed on the remote AIX host is affected
by multiple vulnerabilities in the following subcomponents :

- An unspecified flaw exists in the Networking
subcomponent that allows a local attacker to impact
integrity. (CVE-2016-3485)

- An unspecified flaw exists in the Deployment
subcomponent that allows a local attacker to gain
elevated privileges. (CVE-2016-3511)

- A flaw exists in the Libraries subcomponent in the
share/classes/java/lang/invoke/MethodHandles.java class
within the MethodHandles::dropArguments() function that
allows an unauthenticated, remote attacker to impact
confidentiality, integrity, and availability.
(CVE-2016-3598)

See also :

http://www.nessus.org/u?46a051b3
http://www.nessus.org/u?ce533d8f
http://www.nessus.org/u?17d05c61
http://www.nessus.org/u?d4595696
http://www.nessus.org/u?9abd5252
http://www.nessus.org/u?4ee03dc1
http://www.nessus.org/u?8f7a066c
http://www.nessus.org/u?52d4ddf3
http://www.nessus.org/u?343fa903

Solution :

Fixes are available by version and can be downloaded from the IBM AIX
website.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: AIX Local Security Checks

Nessus Plugin ID: 94970

Bugtraq ID: 91918
91990

CVE ID: CVE-2016-3485
CVE-2016-3511
CVE-2016-3598
