Lucene search

K

[email protected]CVE-2016-3598

HistoryJul 21, 2016 - 10:14 a.m.

CVE-2016-3598

2016-07-2110:14:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

131

cve-2016-3598

oracle

java

se

8u92

embedded

remote attackers

confidentiality

integrity

availability

libraries

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.016 Low

EPSS

Percentile

87.3%

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.

CPENameOperatorVersion
oracle:jdkoracle jdkeq1.8.0
oracle:jreoracle jreeq1.8.0
oracle:linuxoracle linuxeq5.0
oracle:linuxoracle linuxeq6
oracle:linuxoracle linuxeq7

References

lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-09/msg00006.html

lists.opensuse.org/opensuse-updates/2016-08/msg00028.html

rhn.redhat.com/errata/RHSA-2016-1504.html

rhn.redhat.com/errata/RHSA-2016-1587.html

rhn.redhat.com/errata/RHSA-2016-1588.html

rhn.redhat.com/errata/RHSA-2016-1589.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.securityfocus.com/bid/91787

www.securityfocus.com/bid/91918

www.securitytracker.com/id/1036365

www.ubuntu.com/usn/USN-3043-1

www.ubuntu.com/usn/USN-3062-1

access.redhat.com/errata/RHSA-2016:1458

access.redhat.com/errata/RHSA-2016:1475

access.redhat.com/errata/RHSA-2017:1216

security.gentoo.org/glsa/201610-08

security.gentoo.org/glsa/201701-43

security.netapp.com/advisory/ntap-20160721-0001/

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.016 Low

EPSS

Percentile

87.3%

Related for CVE-2016-3598

redhatcve2 ubuntucve2 prion2 debiancve2 cve1 zdi2 ibm29 veracode2 openvas27 nessus37 redhat7 suse10 aix1 archlinux3 oraclelinux2 ubuntu2 centos2 amazon2 osv1 mageia1 f52 kaspersky1 gentoo2 oracle1