OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)

🗓️ 27 Jul 2016 11:42:21Reported by RedHatType

Unspecified vulnerability in Oracle Java Standard Edition and Java Embedded allows remote denial of service via XML processing.

Reporter	Title	Published	Views	Family All 188
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software (CVE-2016-3508, CVE-2016-3500, CVE-2016-3458, CVE-2016-3485)	5 Feb 202000:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect eDiscovery Analyzer	17 Jun 201812:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack	8 Aug 201804:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime Edition	10 Sep 202017:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator	17 Jun 201805:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 affect IBM Flex System Manager(FSM) Storage Manager Install Anywhere (SMIA) configuration tool	18 Jun 201801:36	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry	19 Jul 202000:49	–	ibm
IBM Security Bulletins	Security Bulletin: CICS Transaction Gateway for Multiplatforms	15 Jun 201807:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management	17 Jun 201815:28	–	ibm
IBM Security Bulletins	Security Bulletin: July 2016 Java Platform Standard Edition Vulnerabilities in N series Products	18 Jun 201808:05	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	java-1.7.0-openjdk	1:1.7.0.111-2.6.7.1.el5_11	java-1.7.0-openjdk-1:1.7.0.111-2.6.7.1.el5_11.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.7.0-openjdk	1:1.7.0.111-2.6.7.1.el5_11	java-1.7.0-openjdk-1:1.7.0.111-2.6.7.1.el5_11.x86_64.rpm
Red Hat Enterprise Linux	6	i686	java-1.7.0-openjdk	1:1.7.0.111-2.6.7.2.el6_8	java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el6_8.i686.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.7.0-openjdk	1:1.7.0.111-2.6.7.2.el6_8	java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el6_8.x86_64.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.7.0-openjdk	1:1.7.0.111-2.6.7.2.el7_2	java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el7_2.ppc64.rpm
Red Hat Enterprise Linux	7	ppc64le	java-1.7.0-openjdk	1:1.7.0.111-2.6.7.2.el7_2	java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm
Red Hat Enterprise Linux	7	s390x	java-1.7.0-openjdk	1:1.7.0.111-2.6.7.2.el7_2	java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el7_2.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.7.0-openjdk	1:1.7.0.111-2.6.7.2.el7_2	java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el7_2.x86_64.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.7.0-openjdk-accessibility	1:1.7.0.111-2.6.7.2.el7_2	java-1.7.0-openjdk-accessibility-1:1.7.0.111-2.6.7.2.el7_2.ppc64.rpm
Red Hat Enterprise Linux	7	ppc64le	java-1.7.0-openjdk-accessibility	1:1.7.0.111-2.6.7.2.el7_2	java-1.7.0-openjdk-accessibility-1:1.7.0.111-2.6.7.2.el7_2.ppc64le.rpm

Source	Link
oracle	www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
access	www.access.redhat.com/security/cve/CVE-2016-3500
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-3500
cve	www.cve.org/CVERecord

21 Nov 2025 17:56Current

7.4High risk

Vulners AI Score7.4

CVSS 25

CVSS 35.3

EPSS0.07521

SSVC

CWE-770