Lucene search

K

Kaspersky LabKLA10849

HistoryJul 19, 2016 - 12:00 a.m.

KLA10849 Multiple vulnerabilities in Oracle Java SE

2016-07-1900:00:00

Kaspersky Lab

threats.kaspersky.com

31

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.5%

Detect date:

07/19/2016

Severity:

Critical

Description:

An unspecified vulnerabilities were found in Oracle Java SE. By exploiting these vulnerabilities malicious users can cause denial of service affect integrity or obtain sensitive information. These vulnerabilities can be exploited remotely or locally.

Affected products:

Oracle Java SE 8u92
Oracle Java SE 7u101
Oracle Java SE 6u115

Solution:

Update to the latest version
Oracle Java SE download page

Original advisories:

Oracle bulletin

Impacts:

OSI

Related products:

Oracle Java JRE 1.7.x

CVE-IDS:

CVE-2016-35504.3Warning
CVE-2016-35526.2High
CVE-2016-34852.1Warning
CVE-2016-35879.3Critical
CVE-2016-36066.8High
CVE-2016-34985.0Warning
CVE-2016-35989.3Critical
CVE-2016-35005.0Warning
CVE-2016-35034.4Warning
CVE-2016-36109.3Critical
CVE-2016-35085.0Warning
CVE-2016-35116.9High
CVE-2016-34584.3Warning

References

www.oracle.com/technetwork/java/javase/downloads/index.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3485

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3498

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3503

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3511

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3552

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3587

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Oracle-Java-JDK-1.7.x/

threats.kaspersky.com/en/product/Oracle-Java-JDK-1.8.x-3/

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.8.x/

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.5%

Related for KLA10849

ibm34 nessus49 openvas38 suse11 redhat9 f55 ubuntu3 oraclelinux3 mageia1 centos3 amazon3 archlinux3 osv1 debian2 gentoo2 aix1 atlassian6 ubuntucve5 debiancve5 redhatcve5 prion5 cve5