Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10849
HistoryJul 19, 2016 - 12:00 a.m.

KLA10849 Multiple vulnerabilities in Oracle Java SE

2016-07-1900:00:00
Kaspersky Lab
threats.kaspersky.com
42

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.016

Percentile

87.6%

JSON

An unspecified vulnerabilities were found in Oracle Java SE. By exploiting these vulnerabilities malicious users can cause denial of service affect integrity or obtain sensitive information. These vulnerabilities can be exploited remotely or locally.

Technical details

These vulnerabilities related to following components: Hotspot, Libraries, Install, Deployment, JavaFX, JAXP, CORBA and Networking.

Original advisories

Oracle bulletin

Related products

Oracle-Java-JRE-1.7.x

Oracle-Java-JDK-1.7.x

Oracle-Java-JDK-1.8.x-3

Oracle-Java-JRE-1.8.x

CVE list

CVE-2016-3550 warning

CVE-2016-3552 high

CVE-2016-3485 warning

CVE-2016-3587 critical

CVE-2016-3606 high

CVE-2016-3498 warning

CVE-2016-3598 critical

CVE-2016-3500 warning

CVE-2016-3503 warning

CVE-2016-3610 critical

CVE-2016-3508 warning

CVE-2016-3511 high

CVE-2016-3458 warning

Solution

Update to the latest version

Oracle Java SE download page

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • LoI

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Affected Products

  • Oracle Java SE 8u92 Oracle Java SE 7u101Oracle Java SE 6u115

Related

ibm 27
nessus 48
openvas 38
suse 11
redhat 9
f5 5
mageia 1
ubuntu 3
centos 3
amazon 3
oraclelinux 3
archlinux 3
osv 1
debian 2
gentoo 2
aix 1
atlassian 6
ubuntucve 5
debiancve 5
prion 5
cvelist 4
cve 5
redhatcve 5
nvd 4
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime Edition
2020-09-10 17:03:14
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.
2019-12-18 14:26:38
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2018-06-15 07:06:24
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)
2016-07-22 00:00:00
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)
2016-08-08 00:00:00
Oracle Java SE 6 < Update 121 / 7 < Update 111 / 8 < Update 102 Multiple Vulnerabilities
2016-08-09 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2012-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:2051-1)
2016-08-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1997-1)
2021-04-19 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2016-08-11 23:10:45
Security update for java-1_8_0-openjdk (important)
2016-08-09 17:35:21
Security update for java-1_7_0-openjdk (important)
2016-08-11 23:13:05
redhat
redhat
(RHSA-2016:1475) Critical: java-1.8.0-oracle security update
2016-07-21 10:04:47
(RHSA-2016:1476) Critical: java-1.7.0-oracle security update
2016-07-21 10:05:06
(RHSA-2016:1458) Critical: java-1.8.0-openjdk security update
2016-07-20 07:55:15
f5
f5
SOL40521234 - Multiple Oracle Java SE vulnerabilities
2016-09-07 00:00:00
K40521234 : Multiple Oracle Java SE vulnerabilities
2016-09-07 00:00:00
K05016441 : Oracle Java vulnerability CVE-2016-3508
2016-09-07 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2016-08-03 13:57:01
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2016-07-27 00:00:00
OpenJDK 7 vulnerabilities
2016-08-16 00:00:00
OpenJDK 6 vulnerabilities
2016-09-12 00:00:00
centos
centos
java security update
2016-07-20 15:49:13
java security update
2016-07-27 10:40:30
java security update
2016-08-26 14:36:52
amazon
amazon
Critical: java-1.8.0-openjdk
2016-07-20 18:00:00
Important: java-1.7.0-openjdk
2016-08-01 13:30:00
Important: java-1.6.0-openjdk
2016-09-15 19:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2016-07-20 00:00:00
java-1.7.0-openjdk security update
2016-07-27 00:00:00
java-1.6.0-openjdk security update
2016-08-26 00:00:00
archlinux
archlinux
jre7-openjdk-headless: multiple issues
2016-08-05 00:00:00
jdk7-openjdk: multiple issues
2016-08-05 00:00:00
jre7-openjdk: multiple issues
2016-08-05 00:00:00
osv
osv
openjdk-7 - security update
2016-08-05 00:00:00
debian
debian
[SECURITY] [DLA 579-1] openjdk-7 security update
2016-08-05 21:15:25
[SECURITY] [DSA 3641-1] openjdk-7 security update
2016-08-04 16:01:11
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2016-10-15 00:00:00
IcedTea: Multiple vulnerabilities
2017-01-19 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-08-18 15:35:03
atlassian
atlassian
Upgrade bundled Java to 8u101+
2016-07-31 23:34:11
Upgrade bundled Java to 8u101+
2016-07-28 04:54:34
Upgrade bundled Java to 8u101+
2016-07-31 23:34:11
ubuntucve
ubuntucve
CVE-2016-3508
2016-07-21 00:00:00
CVE-2016-3500
2016-07-21 00:00:00
CVE-2016-3610
2016-07-21 00:00:00
debiancve
debiancve
CVE-2016-3500
2016-07-21 10:12:53
CVE-2016-3508
2016-07-21 10:13:00
CVE-2016-3598
2016-07-21 10:14:38
prion
prion
Design/Logic Flaw
2016-07-21 10:12:00
Design/Logic Flaw
2016-07-21 10:13:00
Buffer overflow
2016-07-21 10:14:00
cvelist
cvelist
CVE-2016-3500
2016-07-21 10:00:00
CVE-2016-3508
2016-07-21 10:00:00
CVE-2016-3610
2016-07-21 10:00:00
cve
cve
CVE-2016-3500
2016-07-21 10:12:53
CVE-2016-3508
2016-07-21 10:13:00
CVE-2016-3598
2016-07-21 10:14:38
redhatcve
redhatcve
CVE-2016-3500
2016-07-20 07:49:03
CVE-2016-3508
2016-07-20 07:48:54
CVE-2016-3610
2016-07-20 07:48:36
nvd
nvd
CVE-2016-3500
2016-07-21 10:12:53
CVE-2016-3508
2016-07-21 10:13:00
CVE-2016-3610
2016-07-21 10:14:43

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.016

Percentile

87.6%

JSON
Related for KLA10849
ibm27nessus48openvas38suse11redhat9f55mageia1ubuntu3centos3amazon3oraclelinux3archlinux3osv1debian2gentoo2aix1atlassian6ubuntucve5debiancve5prion5cvelist4cve5redhatcve5nvd4