CVE-2016-3500Allocation of Resources Without Limits or Throttling in Oracle JDK

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-287Improper Authentication14 documents9 sources
Severity
5.3MEDIUMNVD
EPSS
11.6%
top 6.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Oracle JDKOracle JREOracle Jrockit+1 more
Timeline
PublishedJul 21
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

NVDoracle/jrockitr28.3.10
NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2
NVDoracle/linux5.0, 6, 7+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
GHSA
GHSA-f43w-g5m4-854w: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R282022-05-13
OSV
openjdk-7 vulnerabilities2016-08-16
OSV
openjdk-8 vulnerabilities2016-07-27
OSV
CVE-2016-3500: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R282016-07-21
CVEList
CVE-2016-3500: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R282016-07-21

📋Vendor Advisories

7
Ubuntu
OpenJDK 6 vulnerabilities2016-09-12
Ubuntu
OpenJDK 7 vulnerabilities2016-08-16
Ubuntu
OpenJDK 8 vulnerabilities2016-07-27
Red Hat
OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)2016-07-19
Red Hat
OpenJDK: missing entity replacement limits (JAXP, 8149962)2016-07-19

💬Community

1
Bugzilla
CVE-2016-3500 OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)2016-07-15
CVE-2016-3500 — Oracle JDK vulnerability | cvebase