CVE-2016-3500
Published on: 07/21/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:03 PM UTC
Certain versions of Jdk from Oracle contain the following vulnerability:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.
- CVE-2016-3500 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.3 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
|---|---|---|---|---|
| NETWORK | LOW | NONE | NONE | |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
| UNCHANGED | NONE | NONE | LOW |
CVSS2 Score: 5 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| NONE | NONE | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Oracle Critical Patch Update - July 2016 | Patch Vendor Advisory www.oracle.com text/html |
CONFIRM www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html |
| USN-3043-1: OpenJDK 8 vulnerabilities | Ubuntu | www.ubuntu.com text/html |
UBUNTU USN-3043-1 |
| IcedTea: Multiple vulnerabilities (GLSA 201701-43) — Gentoo security | security.gentoo.org text/html |
GENTOO GLSA-201701-43 |
| Oracle July 2016 Critical Patch Update Multiple Vulnerabilities | Third Party Advisory VDB Entry cve.report (archive) text/html |
BID 91787 |
| McAfee KnowledgeBase - Intel Security - Security Bulletin: ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities (CVE-2016-3500, CVE-2016-3508, and CVE-2016-3485) | kc.mcafee.com text/html |
CONFIRM kc.mcafee.com/corporate/index?page=content&id=SB10166 |
| Red Hat Customer Portal | web.archive.org text/html Inactive LinkNot Archived |
REDHAT RHSA-2016:1776 |
| [security-announce] openSUSE-SU-2016:2052-1: important: Security update | lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:2052 |
| [security-announce] openSUSE-SU-2016:2051-1: important: Security update | lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:2051 |
| Debian -- Security Information -- DSA-3641-1 openjdk-7 | www.debian.org Depreciated Link text/html |
DEBIAN DSA-3641 |
| Oracle Linux Bulletin - July 2016 | Vendor Advisory web.archive.org text/html Inactive LinkNot Archived |
CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html |
| Oracle JRE/JDK: Multiple vulnerabilities (GLSA 201610-08) — Gentoo Security | security.gentoo.org text/html |
GENTOO GLSA-201610-08 |
| Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service, Local Users Modify Data, and Remote and Local Users Gain Elevated Privileges - SecurityTracker | www.securitytracker.com text/html |
SECTRACK 1036365 |
| USN-3077-1: OpenJDK 6 vulnerabilities | Ubuntu | www.ubuntu.com text/html |
UBUNTU USN-3077-1 |
| Red Hat Customer Portal | web.archive.org text/html Inactive LinkNot Archived |
REDHAT RHSA-2016:1504 |
| [security-announce] SUSE-SU-2016:1997-1: important: Security update for | lists.opensuse.org text/html |
SUSE SUSE-SU-2016:1997 |
| USN-3062-1: OpenJDK 7 vulnerabilities | Ubuntu | www.ubuntu.com text/html |
UBUNTU USN-3062-1 |
| [security-announce] SUSE-SU-2016:2012-1: important: Security update for | lists.opensuse.org text/html |
SUSE SUSE-SU-2016:2012 |
| Red Hat Customer Portal | access.redhat.com text/html |
REDHAT RHSA-2016:1477 |
| July 2016 Java Platform Standard Edition Vulnerabilities in Multiple NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20160721-0001/ |
| Red Hat Customer Portal | access.redhat.com text/html |
REDHAT RHSA-2016:1458 |
| [security-announce] openSUSE-SU-2016:2050-1: important: Security update | lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:2050 |
| Red Hat Customer Portal | access.redhat.com text/html |
REDHAT RHSA-2016:1475 |
| [security-announce] openSUSE-SU-2016:2058-1: important: Security update | lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:2058 |
| Red Hat Customer Portal | access.redhat.com text/html |
REDHAT RHSA-2016:1476 |
| openSUSE-SU-2016:1979-1: moderate: Security update for java-1_8_0-openjd | lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:1979 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Jdk | 1.6.0 | update_115 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update101 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update91 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update92 | All | All |
| Application | Oracle | Jdk | 1.6.0 | update_115 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update101 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update91 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update92 | All | All |
| Application | Oracle | Jre | 1.6.0 | update_115 | All | All |
| Application | Oracle | Jre | 1.7.0 | update_101 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_91 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_92 | All | All |
| Application | Oracle | Jre | 1.6.0 | update_115 | All | All |
| Application | Oracle | Jre | 1.7.0 | update_101 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_91 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_92 | All | All |
| Application | Oracle | Jrockit | r28.3.10 | All | All | All |
| Application | Oracle | Jrockit | r28.3.10 | All | All | All |
| Operating System | Oracle | Linux | 5.0 | All | All | All |
| Operating System | Oracle | Linux | 6 | All | All | All |
| Operating System | Oracle | Linux | 7 | All | All | All |
| Operating System | Oracle | Linux | 5.0 | All | All | All |
| Operating System | Oracle | Linux | 6 | All | All | All |
| Operating System | Oracle | Linux | 7 | All | All | All |
- cpe:2.3:a:oracle:jdk:1.6.0:update_115:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.7.0:update101:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.6.0:update_115:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.7.0:update101:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.6.0:update_115:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.7.0:update_101:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.6.0:update_115:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.7.0:update_101:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jrockit:r28.3.10:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jrockit:r28.3.10:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE