Fluid Attacks Database

Description

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	java-1.7.0-openjdk	<1:1.7.0.111-2.6.7.1.el5_11	1:1.7.0.111-2.6.7.1.el5_11
rpm rhel6	java-1.8.0-openjdk	<1:1.8.0.101-3.b13.el6_8	1:1.8.0.101-3.b13.el6_8
rpm rhel5	java-1.6.0-openjdk	<1:1.6.0.40-1.13.12.4.el5_11	1:1.6.0.40-1.13.12.4.el5_11
rpm rhel7	java-1.6.0-openjdk	<1:1.6.0.40-1.13.12.5.el7_2	1:1.6.0.40-1.13.12.5.el7_2
rpm rhel7	java-1.8.0-openjdk	<1:1.8.0.101-3.b13.el7_2	1:1.8.0.101-3.b13.el7_2
rpm rhel7	java-1.7.0-openjdk	<1:1.7.0.111-2.6.7.2.el7_2	1:1.7.0.111-2.6.7.2.el7_2
rpm rhel6	java-1.7.0-openjdk	<1:1.7.0.111-2.6.7.2.el6_8	1:1.7.0.111-2.6.7.2.el6_8
rpm rhel6	java-1.6.0-openjdk	<1:1.6.0.40-1.13.12.6.el6_8	1:1.6.0.40-1.13.12.6.el6_8

Aliases

1. CVE-2016-35082. NVD-2016-35083. OSV-2016-3508

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.