Lucene search

K

[email protected]CVE-2016-3500

HistoryJul 21, 2016 - 10:12 a.m.

CVE-2016-3500

2016-07-2110:12:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

67

cve-2016-3500

oracle

java se

jaxp

remote attackers

availability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.5%

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.

CPENameOperatorVersion
oracle:linuxoracle linuxeq5.0
oracle:linuxoracle linuxeq6
oracle:linuxoracle linuxeq7
oracle:jrockitoracle jrockiteqr28.3.10
oracle:jdkoracle jdkeq1.8.0
oracle:jdkoracle jdkeq1.7.0
oracle:jdkoracle jdkeq1.6.0
oracle:jreoracle jreeq1.6.0
oracle:jreoracle jreeq1.8.0
oracle:jreoracle jreeq1.7.0

References

lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html

lists.opensuse.org/opensuse-updates/2016-08/msg00028.html

rhn.redhat.com/errata/RHSA-2016-1504.html

rhn.redhat.com/errata/RHSA-2016-1776.html

www.debian.org/security/2016/dsa-3641

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1036365

www.ubuntu.com/usn/USN-3043-1

www.ubuntu.com/usn/USN-3062-1

www.ubuntu.com/usn/USN-3077-1

access.redhat.com/errata/RHSA-2016:1458

access.redhat.com/errata/RHSA-2016:1475

access.redhat.com/errata/RHSA-2016:1476

access.redhat.com/errata/RHSA-2016:1477

kc.mcafee.com/corporate/index?page=content&id=SB10166

security.gentoo.org/glsa/201610-08

security.gentoo.org/glsa/201701-43

security.netapp.com/advisory/ntap-20160721-0001/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.5%

Related for CVE-2016-3500

nessus40 prion2 f53 cvelist2 ubuntucve2 debiancve2 redhatcve2 cve1 veracode2 ibm11 debian2 openvas30 redhat6 ubuntu3 amazon3 oraclelinux3 centos3 archlinux3 osv1 mageia1 suse6 kaspersky1 gentoo2 oracle1