Vulnerability Details : CVE-2016-3443
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.
Products affected by CVE-2016-3443
- cpe:2.3:a:oracle:jdk:1.8.0:update77:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update113:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update99:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update113:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update99:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update77:*:*:*:*:*:*
Threat overview for CVE-2016-3443
Top countries where our scanners detected CVE-2016-3443
Top open port discovered on systems with this issue
90
IPs affected by CVE-2016-3443 1,409
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-3443!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-3443
4.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3443
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.6
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
2.8
|
6.0
|
NIST |
References for CVE-2016-3443
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html
[security-announce] SUSE-SU-2016:1388-1: important: Security update for
-
http://www.securitytracker.com/id/1035596
Oracle Java SE Multiple Flaws Let Remote Users Access Data and Gain Elevated Privileges on the Target System - SecurityTracker
-
https://security.netapp.com/advisory/ntap-20160420-0001/
April 2016 Java Platform Standard Edition Vulnerabilities in Multiple NetApp Products | NetApp Product Security
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html
[security-announce] SUSE-SU-2016:1379-1: important: Security update for
-
http://www.securityfocus.com/bid/86482
Oracle Java SE CVE-2016-3443 Information Disclosure Vulnerability
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
cpuapr2016v3Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html
[security-announce] SUSE-SU-2016:1475-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2016-0702.html
RHSA-2016:0702 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2016-0678.html
RHSA-2016:0678 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2017:1216
RHSA-2017:1216 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2016-0716.html
RHSA-2016:0716 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2016-0679.html
RHSA-2016:0679 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html
[security-announce] SUSE-SU-2016:1458-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html
[security-announce] SUSE-SU-2016:1300-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html
[security-announce] SUSE-SU-2016:1378-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2016-0708.html
RHSA-2016:0708 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2016-0701.html
RHSA-2016:0701 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2016:1430
RHSA-2016:1430 - Security Advisory - Red Hat Customer Portal
-
http://www.zerodayinitiative.com/advisories/ZDI-16-376
ZDI-16-376 | Zero Day Initiative
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html
[security-announce] SUSE-SU-2016:1303-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2016-1039.html
RHSA-2016:1039 - Security Advisory - Red Hat Customer Portal
-
https://security.gentoo.org/glsa/201606-18
IcedTea: Multiple vulnerabilities (GLSA 201606-18) — Gentoo security
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html
[security-announce] SUSE-SU-2016:1299-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2016-0677.html
RHSA-2016:0677 - Security Advisory - Red Hat Customer Portal
Jump to