Lucene search

K

[email protected]CVE-2016-3508

HistoryJul 21, 2016 - 10:13 a.m.

CVE-2016-3508

2016-07-2110:13:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

72

cve-2016-3500

oracle

java

se

vulnerability

jaxp

remote

attackers

availability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.7%

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.

CPENameOperatorVersion
oracle:jrockitoracle jrockiteqr28.3.10
oracle:jdkoracle jdkeq1.8.0
oracle:jdkoracle jdkeq1.7.0
oracle:jdkoracle jdkeq1.6.0
oracle:jreoracle jreeq1.6.0
oracle:jreoracle jreeq1.8.0
oracle:jreoracle jreeq1.7.0
oracle:linuxoracle linuxeq5.0
oracle:linuxoracle linuxeq6
oracle:linuxoracle linuxeq7

References

lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html

lists.opensuse.org/opensuse-updates/2016-08/msg00028.html

rhn.redhat.com/errata/RHSA-2016-1504.html

rhn.redhat.com/errata/RHSA-2016-1776.html

www.debian.org/security/2016/dsa-3641

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.securityfocus.com/bid/91787

www.securityfocus.com/bid/91972

www.securitytracker.com/id/1036365

www.ubuntu.com/usn/USN-3043-1

www.ubuntu.com/usn/USN-3062-1

www.ubuntu.com/usn/USN-3077-1

access.redhat.com/errata/RHSA-2016:1458

access.redhat.com/errata/RHSA-2016:1475

access.redhat.com/errata/RHSA-2016:1476

access.redhat.com/errata/RHSA-2016:1477

kc.mcafee.com/corporate/index?page=content&id=SB10166

security.gentoo.org/glsa/201610-08

security.gentoo.org/glsa/201701-43

security.netapp.com/advisory/ntap-20160721-0001/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.7%

Related for CVE-2016-3508

nessus40 ubuntucve2 debiancve2 prion2 f53 cvelist2 redhatcve2 cve1 veracode2 ibm11 openvas30 redhat6 debian2 ubuntu3 amazon3 oraclelinux3 centos3 archlinux3 osv1 mageia1 suse6 kaspersky1 gentoo2 oracle1