The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability alert CVE-2016-0686 CVE-2016-0687 CVE-2016-0695

Oracle Java: multiple vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Vulnerable products: Debian, Avamar, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, AIX, Domino, Notes, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, JAXP, ePO, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this weakness: 3/4.
Consequences of an attack: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Hacker's origin: user account.
Number of vulnerabilities in this bulletin: 9.
Creation date: 20/04/2016.
Références of this bulletin: 1982223, 1982566, 1984075, 1984678, 1985466, 1985875, 1987778, 484398, 486953, bulletinjan2017, CERTFR-2016-AVI-135, cpuapr2016, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, DLA-451-1, DSA-3558-1, ESA-2016-052, ESA-2016-099, FEDORA-2016-33ccc205e7, openSUSE-SU-2016:1222-1, openSUSE-SU-2016:1230-1, openSUSE-SU-2016:1235-1, openSUSE-SU-2016:1262-1, openSUSE-SU-2016:1265-1, RHSA-2016:0650-01, RHSA-2016:0651-01, RHSA-2016:0675-01, RHSA-2016:0676-01, RHSA-2016:0677-01, RHSA-2016:0678-01, RHSA-2016:0679-01, RHSA-2016:0701-01, RHSA-2016:0702-01, RHSA-2016:0708-01, RHSA-2016:0716-01, RHSA-2016:0723-01, RHSA-2016:1039-01, SB10159, SOL33285044, SOL73112451, SOL81223200, SUSE-SU-2016:1248-1, SUSE-SU-2016:1250-1, SUSE-SU-2016:1299-1, SUSE-SU-2016:1300-1, SUSE-SU-2016:1303-1, SUSE-SU-2016:1378-1, SUSE-SU-2016:1379-1, SUSE-SU-2016:1388-1, SUSE-SU-2016:1458-1, SUSE-SU-2016:1475-1, USN-2963-1, USN-2964-1, USN-2972-1, VIGILANCE-VUL-19416, ZDI-16-376.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3443, ZDI-16-376]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0687]

An attacker can use a vulnerability of Serialization, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0686]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3427]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3449]

An attacker can use a vulnerability of Security, in order to obtain information. [severity:2/4; CVE-2016-0695]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2016-3425]

An attacker can use a vulnerability of 2D, in order to trigger a denial of service. [severity:2/4; CVE-2016-3422]

An attacker can use a vulnerability of JCE, in order to obtain information. [severity:1/4; CVE-2016-3426]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a networks vulnerabilities workaround. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.