ID CVE-2016-3485
Summary Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.
References
Vulnerable Configurations
  • Oracle JDK 1.6.0 Update 115
    cpe:2.3:a:oracle:jdk:1.6.0:update_115
  • Oracle JDK 1.7.0 Update 101
    cpe:2.3:a:oracle:jdk:1.7.0:update_101
  • Oracle JDK 1.8.0 Update 91
    cpe:2.3:a:oracle:jdk:1.8.0:update_91
  • Oracle JDK 1.8.0 Update 92
    cpe:2.3:a:oracle:jdk:1.8.0:update_92
  • Oracle JrRE 1.6.0 Update 115
    cpe:2.3:a:oracle:jre:1.6.0:update_115
  • Oracle JRE 1.7.0 Update 101
    cpe:2.3:a:oracle:jre:1.7.0:update_101
  • Oracle JRE 1.8.0 Update 91
    cpe:2.3:a:oracle:jre:1.8.0:update_91
  • Oracle JRE 1.8.0 Update 92
    cpe:2.3:a:oracle:jre:1.8.0:update_92
  • Oracle JRockit R28.3.10
    cpe:2.3:a:oracle:jrockit:r28.3.10
CVSS
Base: 2.1 (as of 16-08-2016 - 09:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2347-1.NASL
    description IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. - Add hwkeytool binary for zSeries. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 93646
    published 2016-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93646
    title SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2347-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2726-1.NASL
    description IBM Java 8 was updated to version 8.0-3.10 to fix the following security issues : - CVE-2016-3485: Unspecified vulnerability allowed local users to affect integrity via vectors related to Networking - CVE-2016-3511: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via vectors related to Deployment - CVE-2016-3598: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. - Add hwkeytool binary for zSeries. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 94609
    published 2016-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94609
    title SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:2726-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2430-1.NASL
    description IBM Java 6 was updated to version 6.0-16.30. Following security issue was fixed: CVE-2016-3485 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 119980
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119980
    title SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2430-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2261-1.NASL
    description IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 93373
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93373
    title SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2261-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-43.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-43 (IcedTea: Multiple vulnerabilities) Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot, Libraries, and JAXP, exist which allows remote attackers to affect the confidentiality, integrity, and availability of vulnerable systems. Many of the vulnerabilities can only be exploited through sandboxed Java Web Start applications and java applets. Please review the CVE identifiers referenced below for details. Impact : Remote attackers may execute arbitrary code, compromise information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-01-20
    plugin id 96640
    published 2017-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96640
    title GLSA-201701-43 : IcedTea: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2286-1.NASL
    description IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537). Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 93458
    published 2016-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93458
    title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:2286-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2348-1.NASL
    description IBM Java 6 was updated to version 6.0-16.30. Following security issue was fixed: CVE-2016-3485 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 93647
    published 2016-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93647
    title SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2348-1)
  • NASL family AIX Local Security Checks
    NASL id AIX_JAVA_JULY2016_ADVISORY.NASL
    description The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485) - An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511) - A flaw exists in the Libraries subcomponent in the share/classes/java/lang/invoke/MethodHandles.java class within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2016-3598)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 94970
    published 2016-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94970
    title AIX Java Advisory : java_july2016_advisory.asc (July 2016 CPU)
  • NASL family Windows
    NASL id ORACLE_JROCKIT_CPU_JUL_2016.NASL
    description The version of Oracle JRockit installed on the remote Windows host is 28.3.10. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485) - Multiple unspecified flaws exist in the JAXP subcomponent that allow an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500, CVE-2016-3508)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 92492
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92492
    title Oracle JRockit R28.3.10 Multiple Vulnerabilities (July 2016 CPU)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-978.NASL
    description This update for java-1_8_0-openjdk fixes the following issues : - Upgrade to version jdk8u101 (icedtea 3.1.0) - New in release 3.1.0 (2016-07-25) : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732) - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734) - S8146514: Enforce GCM limits - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking (bsc#989730) - S8149070: Enforce update ordering - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731) - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733) - S8153312: Constrain AppCDS behavior - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721) - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722) - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723) - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725) - CVE-2016-3552 (bsc#989726) - CVE-2016-3511 (bsc#989727) - CVE-2016-3503 (bsc#989728) - CVE-2016-3498 (bsc#989729) - New features - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux - PR2821: Support building OpenJDK with --disable-headful - PR2931, G478960: Provide Infinality Support via fontconfig - PR3079: Provide option to build Shenandoah on x86_64 - Import of OpenJDK 8 u92 build 14 - S6869327: Add new C2 flag to keep safepoints in counted loops. - S8022865: [TESTBUG] Compressed Oops testing needs to be revised - S8029630: Thread id should be displayed as a hex number in error report - S8029726: On OS X some dtrace probe names are mismatched with Solaris - S8029727: On OS X dtrace probes CallMethodA/CallMethodV are not fired. - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header - S8041900: [macosx] Java forces the use of discrete GPU - S8044363: Remove special build options for unpack200 executable - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH - S8046611: Build errors with gcc on sparc/fastdebug - S8047763: Recognize sparc64 as a sparc platform - S8048232: Fix for 8046471 breaks PPC64 build - S8052396: Catch exceptions resulting from missing font cmap - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled - S8065579: WB method to start G1 concurrent mark cycle should be introduced - S8065986: Compiler fails to NullPointerException when calling super with Object<>() - S8066974: Compiler doesn't infer method's generic type information in lambda body - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years - S8068033: JNI exception pending in jdk/src/share/bin/java.c - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found - S8068254: Method reference uses wrong qualifying type - S8074696: Remote debugging session hangs for several minutes when calling findBootType - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/ - S8080650: Enable stubs to use frame pointers correctly - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure - S8129348: Debugger hangs in trace mode with TRACE_SENDS - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2 - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_ has wrong permissions - S8131129: Attempt to define a duplicate BMH$Species class - S8131665: Bad exception message in HandshakeHash.getFinishedHash - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X - S8133207: ParallelProbes.java test fails after changes for JDK-8080115 - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518 - S8134007: Improve string folding - S8134759: jdb: Incorrect stepping inside finally block - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set - S8136442: Don't tie Certificate signature algorithms to ciphersuites - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+ - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized - S8139436: sun.security.mscapi.KeyStore might load incomplete data - S8139751: Javac crash with -XDallowStringFolding=false - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof - S8140031: SA: Searching for a value in Threads does not work - S8140249: JVM Crashing During startUp If Flight Recording is enabled - S8140344: add support for 3 digit update release numbers - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8141260: isReachable crash in windows xp - S8143297: Nashorn compilation time reported in nanoseconds - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly - S8143855: Bad printf formatting in frame_zero.cpp - S8143896: java.lang.Long is implicitly converted to double - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg - S8144020: Remove long as an internal numeric type - S8144131: ArrayData.getInt implementations do not convert to int32 - S8144483: One long Safepoint pause directly after each GC log rotation - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds - S8144935: C2: safepoint is pruned from a non-counted loop - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution - S8145017: Add support for 3 digit hotspot minor version numbers - S8145099: Better error message when SA can't attach to a process - S8145442: Add the facility to verify remembered sets for G1 - S8145466: javac: No line numbers in compilation error - S8145539: (coll) AbstractMap.keySet and .values should not be volatile - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic - S8145669: apply2call optimized callsite fails after becoming megamorphic - S8145722: NullPointerException in javadoc - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI - S8146147: Java linker indexed property getter does not work for computed nashorn string - S8146566: OpenJDK build can't handle commas in LDFLAGS - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - S8147630: Wrong test result pushed to 8u-dev - S8147845: Varargs Array functions still leaking longs - S8147857: RMIConnector logs attribute names incorrectly - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC - S8150791: 8u76 L10n resource file translation update - Import of OpenJDK 8 u101 build 13 - S6483657: MSCAPI provider does not create unique alias names - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type - S8037557: test SessionCacheSizeTests.java timeout - S8038837: Add support to jarsigner for specifying timestamp hash algorithm - S8081778: Use Intel x64 CPU instructions for RSA acceleration - S8130150: Implement BigInteger.montgomeryMultiply intrin