Unspecified Vulnerability in Oracle Java SE and JRockit Products
CVE-2016-3425

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Jrockit; Jdk; Jre
Vendor: CVE Published:; 21 April 2016

Summary

This vulnerability exists in multiple versions of Oracle Java SE and JRockit, potentially allowing remote attackers to disrupt system availability. The issue is related to the Java API for XML Processing (JAXP), which could be exploited to cause disruptions or service outages.

References

http://lists.opensuse.org/opensuse-security-announce/2016...

vendor-advisoryx_refsource_SUSE

http://rhn.redhat.com/errata/RHSA-2016-0677.html

vendor-advisoryx_refsource_REDHAT

http://www.ubuntu.com/usn/USN-2972-1

vendor-advisoryx_refsource_UBUNTU

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 21, 2016
Vulnerability Reserved
Mar 17, 2016

.