CVE-2016-3500
Published on: 07/21/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:03 PM UTC
Certain versions of Jdk from Oracle contain the following vulnerability:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.
- CVE-2016-3500 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.3 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | NONE | NONE | LOW |
CVSS2 Score: 5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | NONE | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Oracle Critical Patch Update - July 2016 | Patch Vendor Advisory www.oracle.com text/html |
![]() |
USN-3043-1: OpenJDK 8 vulnerabilities | Ubuntu | www.ubuntu.com text/html |
![]() |
IcedTea: Multiple vulnerabilities (GLSA 201701-43) — Gentoo security | security.gentoo.org text/html |
![]() |
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities | Third Party Advisory VDB Entry cve.report (archive) text/html |
![]() |
McAfee KnowledgeBase - Intel Security - Security Bulletin: ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities (CVE-2016-3500, CVE-2016-3508, and CVE-2016-3485) | kc.mcafee.com text/html |
![]() |
Red Hat Customer Portal | web.archive.org text/html Inactive LinkNot Archived |
![]() |
[security-announce] openSUSE-SU-2016:2052-1: important: Security update | lists.opensuse.org text/html |
![]() |
[security-announce] openSUSE-SU-2016:2051-1: important: Security update | lists.opensuse.org text/html |
![]() |
Debian -- Security Information -- DSA-3641-1 openjdk-7 | www.debian.org Depreciated Link text/html |
![]() |
Oracle Linux Bulletin - July 2016 | Vendor Advisory web.archive.org text/html Inactive LinkNot Archived |
![]() |
Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201610-08) — Gentoo Security | security.gentoo.org text/html |
![]() |
Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service, Local Users Modify Data, and Remote and Local Users Gain Elevated Privileges - SecurityTracker | www.securitytracker.com text/html |
![]() |
USN-3077-1: OpenJDK 6 vulnerabilities | Ubuntu | www.ubuntu.com text/html |
![]() |
Red Hat Customer Portal | web.archive.org text/html Inactive LinkNot Archived |
![]() |
[security-announce] SUSE-SU-2016:1997-1: important: Security update for | lists.opensuse.org text/html |
![]() |
USN-3062-1: OpenJDK 7 vulnerabilities | Ubuntu | www.ubuntu.com text/html |
![]() |
[security-announce] SUSE-SU-2016:2012-1: important: Security update for | lists.opensuse.org text/html |
![]() |
Red Hat Customer Portal | access.redhat.com text/html |
![]() |
July 2016 Java Platform Standard Edition Vulnerabilities in Multiple NetApp Products | NetApp Product Security | security.netapp.com text/html |
![]() |
Red Hat Customer Portal | access.redhat.com text/html |
![]() |
[security-announce] openSUSE-SU-2016:2050-1: important: Security update | lists.opensuse.org text/html |
![]() |
Red Hat Customer Portal | access.redhat.com text/html |
![]() |
[security-announce] openSUSE-SU-2016:2058-1: important: Security update | lists.opensuse.org text/html |
![]() |
Red Hat Customer Portal | access.redhat.com text/html |
![]() |
openSUSE-SU-2016:1979-1: moderate: Security update for java-1_8_0-openjd | lists.opensuse.org text/html |
![]() |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Oracle | Jdk | 1.6.0 | update_115 | All | All |
Application | Oracle | Jdk | 1.7.0 | update101 | All | All |
Application | Oracle | Jdk | 1.8.0 | update91 | All | All |
Application | Oracle | Jdk | 1.8.0 | update92 | All | All |
Application | Oracle | Jdk | 1.6.0 | update_115 | All | All |
Application | Oracle | Jdk | 1.7.0 | update101 | All | All |
Application | Oracle | Jdk | 1.8.0 | update91 | All | All |
Application | Oracle | Jdk | 1.8.0 | update92 | All | All |
Application | Oracle | Jre | 1.6.0 | update_115 | All | All |
Application | Oracle | Jre | 1.7.0 | update_101 | All | All |
Application | Oracle | Jre | 1.8.0 | update_91 | All | All |
Application | Oracle | Jre | 1.8.0 | update_92 | All | All |
Application | Oracle | Jre | 1.6.0 | update_115 | All | All |
Application | Oracle | Jre | 1.7.0 | update_101 | All | All |
Application | Oracle | Jre | 1.8.0 | update_91 | All | All |
Application | Oracle | Jre | 1.8.0 | update_92 | All | All |
Application | Oracle | Jrockit | r28.3.10 | All | All | All |
Application | Oracle | Jrockit | r28.3.10 | All | All | All |
Operating System | Oracle | Linux | 5.0 | All | All | All |
Operating System | Oracle | Linux | 6 | All | All | All |
Operating System | Oracle | Linux | 7 | All | All | All |
Operating System | Oracle | Linux | 5.0 | All | All | All |
Operating System | Oracle | Linux | 6 | All | All | All |
Operating System | Oracle | Linux | 7 | All | All | All |
- cpe:2.3:a:oracle:jdk:1.6.0:update_115:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.7.0:update101:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.6.0:update_115:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.7.0:update101:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.6.0:update_115:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.7.0:update_101:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.6.0:update_115:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.7.0:update_101:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jrockit:r28.3.10:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jrockit:r28.3.10:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE