Lucene search
Tenable9449.PRMHistoryAug 09, 2016 - 12:00 a.m.
Oracle Java SE 6 < Update 121 / 7 < Update 111 / 8 < Update 102 Multiple Vulnerabilities
2016-08-0900:00:00
Tenable
www.tenable.com
215
The version of Oracle Java SE installed on the remote host is prior to 6 Update 121, 7 Update 111, or 8 Update 102 and is affected by multiple vulnerabilities :
- An unspecified flaw exists in the ‘CORBA’ subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458)
- An unspecified flaw exists in the ‘Networking’ subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485)
- An unspecified flaw exists in the ‘JavaFX’ subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498)
- An unspecified flaw exists in the ‘JAXP’ subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500, CVE-2016-3508)
- An unspecified flaw exists in the ‘Install’ subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503, CVE-2016-3552)
- An unspecified flaw exists in the ‘Deployment’ subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511)
- An unspecified flaw exists in the ‘Hotspot’ subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3550)
- A flaw exists in the ‘Hotspot’ subcomponent due to improper access to the ‘MethodHandle::invokeBasic()’ function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587)
- A flaw exists in the ‘Libraries’ subcomponent within the ‘MethodHandles::dropArguments()’ function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598)
- A flaw exists in the ‘Hotspot’ subcomponent within the ‘ClassVerifier::ends_in_athrow()’ function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3606)
- An unspecified flaw exists in the ‘Libraries’ subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)
Binary data 9449.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3503
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3552
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA
Related
ibm
ibm
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)
2016-07-22 00:00:00
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)
2016-08-08 00:00:00
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-978)
2016-08-16 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2012-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:2051-1)
2016-08-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1997-1)
2021-04-19 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2016-08-11 23:10:45
Security update for java-1_8_0-openjdk (important)
2016-08-09 17:35:21
Security update for java-1_7_0-openjdk (important)
2016-08-11 23:13:05
kaspersky
kaspersky
KLA10849 Multiple vulnerabilities in Oracle Java SE
2016-07-19 00:00:00
redhat
redhat
(RHSA-2016:1475) Critical: java-1.8.0-oracle security update
2016-07-21 10:04:47
(RHSA-2016:1476) Critical: java-1.7.0-oracle security update
2016-07-21 10:05:06
(RHSA-2016:1458) Critical: java-1.8.0-openjdk security update
2016-07-20 07:55:15
f5
f5
SOL40521234 - Multiple Oracle Java SE vulnerabilities
2016-09-07 00:00:00
K40521234 : Multiple Oracle Java SE vulnerabilities
2016-09-07 00:00:00
SOL05016441 - Oracle Java vulnerability CVE-2016-3508
2016-09-07 00:00:00
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2016-07-27 00:00:00
OpenJDK 7 vulnerabilities
2016-08-16 00:00:00
OpenJDK 6 vulnerabilities
2016-09-12 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2016-07-20 00:00:00
java-1.7.0-openjdk security update
2016-07-27 00:00:00
java-1.6.0-openjdk security update
2016-08-26 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2016-08-03 13:57:01
centos
centos
java security update
2016-07-20 15:49:13
java security update
2016-07-27 10:40:30
java security update
2016-08-26 14:36:52
amazon
amazon
Critical: java-1.8.0-openjdk
2016-07-20 18:00:00
Important: java-1.7.0-openjdk
2016-08-01 13:30:00
Important: java-1.6.0-openjdk
2016-09-15 19:00:00
archlinux
archlinux
jdk7-openjdk: multiple issues
2016-08-05 00:00:00
jre7-openjdk-headless: multiple issues
2016-08-05 00:00:00
jre7-openjdk: multiple issues
2016-08-05 00:00:00
osv
osv
openjdk-7 - security update
2016-08-05 00:00:00
debian
debian
[SECURITY] [DSA 3641-1] openjdk-7 security update
2016-08-04 16:01:11
[SECURITY] [DLA 579-1] openjdk-7 security update
2016-08-05 21:15:25
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2016-10-15 00:00:00
IcedTea: Multiple vulnerabilities
2017-01-19 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-08-18 15:35:03
atlassian
atlassian
Upgrade bundled Java to 8u101+
2016-07-31 23:34:11
Upgrade bundled Java to 8u101+
2016-07-31 23:34:11
Upgrade bundled Java to 8u101+
2016-07-28 04:54:34
ubuntucve
ubuntucve
debiancve
debiancve
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2016-07-21 10:12:00
Design/Logic Flaw
2016-07-21 10:13:00
Buffer overflow
2016-07-21 10:14:00
cve
cve
Related for 9449.PRM