CVE-2016-3427 vulnerability in Oracle and Other Products
Published on April 21, 2016
Known Exploited Vulnerability
This Oracle Java SE and JRockit Unspecified Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Oracle Java SE and JRockit contain an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web servi.
The following remediation steps are recommended / required by June 2, 2023: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2016-3427 can be exploited with network access and requires no authorization privileges or user interaction. It is considered to have a low attack complexity and has the highest possible exploitability rating (3.9). The potential impact of an exploit is considered critical, as the vulnerability has a high impact on the confidentiality, integrity, and availability of this component.
Products Associated with CVE-2016-3427
What versions are vulnerable to CVE-2016-3427?
- Oracle JRockit Version r28.3.9
- Oracle Linux Version 5 -
- Oracle Linux Version 6 -
- Oracle Linux Version 7 -
- Oracle Java Development Kit (JDK) Version 1.8.0 update77
- Oracle Java Development Kit (JDK) Version 1.6.0 update113
- Oracle Java Development Kit (JDK) Version 1.7.0 update99
- Oracle Java Runtime Environment (JRE) Version 1.6.0 update113
- Oracle Java Runtime Environment (JRE) Version 1.7.0 update99
- Oracle Java Runtime Environment (JRE) Version 1.8.0 update77
- Canonical Ubuntu Linux Version 15.10
- Canonical Ubuntu Linux Version 14.04
- Canonical Ubuntu Linux Version 16.04
- Canonical Ubuntu Linux Version 12.04
- Debian Linux Version 8.0
- NetApp Oncommand Balance Version -
- NetApp Oncommand Workflow Automation Version -
- NetApp Oncommand Insight Version -
- NetApp Virtual Storage Console Version 7.2 vmware_vsphere
- NetApp E Series Santricity Storage Manager Version -
- NetApp Oncommand Unified Manager Version - 7-mode
- NetApp Vasa Provider Clustered Data Ontap Version 7.2
- NetApp Oncommand Unified Manager Version - clustered_data_ontap
- NetApp Oncommand Performance Manager Version -
- NetApp Oncommand Cloud Manager Version -
- NetApp E Series Santricity Management Plug Ins Version - vmware_vcenter
- NetApp Storagegrid Up to Version 9.0.4
- NetApp Oncommand Shift Version -
- NetApp E Series Santricity Web Services Version - web_services_proxy
- NetApp Oncommand Report Version -
- Apache Cassandra Version 4.0.0 beta1
- Apache Cassandra Version 3.11.0 Fixed in Version 3.11.8
- Apache Cassandra Version 3.0.0 Fixed in Version 3.0.22
- Apache Cassandra Version 2.2.0 Fixed in Version 2.2.18
- Apache Cassandra Version 2.1.0 Fixed in Version 2.1.22
- Red Hat Enterprise Linux Desktop Version 7.0
- Red Hat Enterprise Linux Server Version 5.0
- Red Hat Enterprise Linux Server Aus Version 7.2
- Red Hat Enterprise Linux Workstation Version 7.0
- Red Hat Satellite Version 5.7
- Red Hat Enterprise Linux Server Tus Version 7.2
- Red Hat Enterprise Linux Server Version 7.0
- Red Hat Enterprise Linux Workstation Version 5.0
- Red Hat Enterprise Linux Eus Version 6.7
- Red Hat Enterprise Linux Server Eus Version 7.2
- Red Hat Enterprise Linux Desktop Version 6.0
- Red Hat Enterprise Linux Server Version 6.0
- Red Hat Enterprise Linux Workstation Version 6.0
- Red Hat Enterprise Linux Server Tus Version 7.3
- Red Hat Enterprise Linux Desktop Version 5.0
- Red Hat Enterprise Linux Server Aus Version 7.3
- Red Hat Enterprise Linux Server Aus Version 7.4
- Red Hat Enterprise Linux Eus Version 7.3
- Red Hat Enterprise Linux Eus Version 7.4
- Red Hat Enterprise Linux Eus Version 7.5
- Red Hat Satellite Version 5.6
- Red Hat Enterprise Linux Server Eus Version 6.7
- Red Hat Enterprise Linux Server Tus Version 7.6
- Red Hat Enterprise Linux Server Aus Version 7.6
- Red Hat Enterprise Linux Eus Version 7.6
- Red Hat Enterprise Linux Eus Version 7.2
- Red Hat Enterprise Linux Server Aus Version 7.7
- Red Hat Enterprise Linux Server Tus Version 7.7
- Red Hat Enterprise Linux Eus Version 7.7
- Suse Linux Enterprise Server Version 11 sp4
- Suse Openstack Cloud Version 5
- Suse Manager Proxy Version 2.1
- Suse Linux Enterprise Software Development Kit Version 12 sp1
- Suse Linux Enterprise Server Version 11 sp3
- Suse Manager Version 2.1
- Suse Linux Enterprise Server Version 12 sp1
- Suse Linux Enterprise Software Development Kit Version 11 sp4
- Suse Linux Enterprise Server Version 11 sp2
- Suse Linux Enterprise Desktop Version 12 sp1
- Suse Linux Enterprise Server Version 10 sp4
- OpenSuse Leap Version 42.1
- OpenSuse Version 13.1
- OpenSuse Version 13.2
- Suse Linux Enterprise Server Version 12 -
- Suse Linux Enterprise Desktop Version 12 -
- Suse Linux Enterprise Module Legacy Version 12