Lucene search

K

[email protected]NVD:CVE-2016-3443

HistoryApr 21, 2016 - 11:00 a.m.

CVE-2016-3443

2016-04-2111:00:32

[email protected]

web.nvd.nist.gov

5

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

5.7

Confidence

High

EPSS

0.044

Percentile

92.4%

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.

Affected configurations

Nvd

Node

oraclejdkMatch1.6.0update113

OR

oraclejdkMatch1.7.0update99

OR

oraclejdkMatch1.8.0update77

OR

oraclejreMatch1.6.0update113

OR

oraclejreMatch1.7.0update99

OR

oraclejreMatch1.8.0update77

References

lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

rhn.redhat.com/errata/RHSA-2016-0677.html

rhn.redhat.com/errata/RHSA-2016-0678.html

rhn.redhat.com/errata/RHSA-2016-0679.html

rhn.redhat.com/errata/RHSA-2016-0701.html

rhn.redhat.com/errata/RHSA-2016-0702.html

rhn.redhat.com/errata/RHSA-2016-0708.html

rhn.redhat.com/errata/RHSA-2016-0716.html

rhn.redhat.com/errata/RHSA-2016-1039.html

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.securityfocus.com/bid/86482

www.securitytracker.com/id/1035596

www.zerodayinitiative.com/advisories/ZDI-16-376

access.redhat.com/errata/RHSA-2016:1430

access.redhat.com/errata/RHSA-2017:1216

security.gentoo.org/glsa/201606-18

security.netapp.com/advisory/ntap-20160420-0001/

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

5.7

Confidence

High

EPSS

0.044

Percentile

92.4%

Related for NVD:CVE-2016-3443

ubuntucve1 zdi1 cvelist1 veracode1 debiancve1 prion1 cve1 ibm21 f52 nessus22 openvas10 redhat10 gentoo1 kaspersky1 suse8 aix1 oracle1