Kaspersky LabKLA10887

HistoryOct 19, 2016 - 12:00 a.m.

KLA10887 Multiple vulnerabilities in Oracle Java SE

2016-10-1900:00:00

Kaspersky Lab

threats.kaspersky.com

256

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.4%

JSON

Detect date:

10/19/2016

Severity:

Critical

Description:

An unspecified vulnerabilities were found in Oracle Java SE. By exploiting this vulnerability malicious users can cause denial of service, affect integrity or obtain sensitive information. This vulnerability can be exploited remotely.

Affected products:

Oracle Java SE 6u121, 7u11 and 8u102

Solution:

Update to the latest version
Get Java SE

Original advisories:

Oracle bulletin

Impacts:

OSI

Related products:

Oracle Java JRE 1.7.x

CVE-IDS:

CVE-2016-55569.3Critical
CVE-2016-55689.3Critical
CVE-2016-55829.3Critical
CVE-2016-55736.8High
CVE-2016-55974.3Warning
CVE-2016-55544.3Warning
CVE-2016-55424.3Warning

References

www.oracle.com/technetwork/java/javase/downloads/index.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5542

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5554

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5556

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5568

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5573

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5582

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5597

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Oracle-Java-JDK-1.7.x/

threats.kaspersky.com/en/product/Oracle-Java-JDK-1.8.x-3/

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/

threats.kaspersky.com/en/product/Oracle-Java-JRE-1.8.x/

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for KLA10887