CVE-2016-3606

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.6 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
oracleCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
oraclelinux
5.0
oraclelinux
6.0
oraclelinux
7.0
oraclejdk
1.7.0
oraclejdk
1.8.0
oraclejdk
1.8.0
oraclejre
1.7.0
oraclejre
1.8.0
oraclejre
1.8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openjdk-8
sid
8u432-b06-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
icedtea-web
xenial
not-affected
wily
not-affected
trusty
dne
precise
not-affected
openjdk-6
xenial
dne
wily
ignored
trusty
Fixed 6b40-1.13.12-0ubuntu0.14.04.2
released
precise
Fixed 6b40-1.13.12-0ubuntu0.12.04.1
released
openjdk-7
xenial
dne
wily
ignored
trusty
Fixed 7u111-2.6.7-0ubuntu0.14.04.3
released
precise
Fixed 7u111-2.6.7-0ubuntu0.12.04.2
released
openjdk-8
xenial
Fixed 8u91-b14-3ubuntu1~16.04.1
released
wily
Fixed 8u91-b14-3ubuntu1~15.10.1
released
trusty
dne
precise
dne
References
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html
http://rhn.redhat.com/errata/RHSA-2016-1504.html
http://rhn.redhat.com/errata/RHSA-2016-1776.html
http://www.debian.org/security/2016/dsa-3641
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/91787
http://www.securityfocus.com/bid/91912
http://www.securitytracker.com/id/1036365
http://www.ubuntu.com/usn/USN-3043-1
http://www.ubuntu.com/usn/USN-3062-1
http://www.ubuntu.com/usn/USN-3077-1
https://access.redhat.com/errata/RHSA-2016:1458
https://access.redhat.com/errata/RHSA-2016:1475
https://access.redhat.com/errata/RHSA-2016:1476
https://security.gentoo.org/glsa/201610-08
https://security.gentoo.org/glsa/201701-43
https://security.netapp.com/advisory/ntap-20160721-0001/
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html
http://rhn.redhat.com/errata/RHSA-2016-1504.html
http://rhn.redhat.com/errata/RHSA-2016-1776.html
http://www.debian.org/security/2016/dsa-3641
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/91787
http://www.securityfocus.com/bid/91912
http://www.securitytracker.com/id/1036365
http://www.ubuntu.com/usn/USN-3043-1
http://www.ubuntu.com/usn/USN-3062-1
http://www.ubuntu.com/usn/USN-3077-1
https://access.redhat.com/errata/RHSA-2016:1458
https://access.redhat.com/errata/RHSA-2016:1475
https://access.redhat.com/errata/RHSA-2016:1476
https://security.gentoo.org/glsa/201610-08
https://security.gentoo.org/glsa/201701-43
https://security.netapp.com/advisory/ntap-20160721-0001/