The version of Oracle Java SE installed on the remote host is prior to 6 Update 121, 7 Update 111, or 8 Update 102 and is affected by multiple vulnerabilities :
- An unspecified flaw exists in the ‘CORBA’ subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458)
- An unspecified flaw exists in the ‘Networking’ subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485)
- An unspecified flaw exists in the ‘JavaFX’ subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498)
- An unspecified flaw exists in the ‘JAXP’ subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500, CVE-2016-3508)
- An unspecified flaw exists in the ‘Install’ subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503, CVE-2016-3552)
- An unspecified flaw exists in the ‘Deployment’ subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511)
- An unspecified flaw exists in the ‘Hotspot’ subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3550)
- A flaw exists in the ‘Hotspot’ subcomponent due to improper access to the ‘MethodHandle::invokeBasic()’ function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587)
- A flaw exists in the ‘Libraries’ subcomponent within the ‘MethodHandles::dropArguments()’ function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598)
- A flaw exists in the ‘Hotspot’ subcomponent within the ‘ClassVerifier::ends_in_athrow()’ function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3606)
- An unspecified flaw exists in the ‘Libraries’ subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)