CVE-2016-3427

Description

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

apache,
canonical,
debian,
netapp,
opensuse,
oracle,
redhat,
suse

Products

cassandra,
cassandra 4.0.0,
debian linux 8.0,
e-series santricity management plug-ins -,
e-series santricity storage manager -,
e-series santricity web services -,
enterprise linux desktop 5.0,
enterprise linux desktop 6.0,
enterprise linux desktop 7.0,
enterprise linux eus 6.7,
enterprise linux eus 7.2,
enterprise linux eus 7.3,
enterprise linux eus 7.4,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux server 5.0,
enterprise linux server 6.0,
enterprise linux server 7.0,
enterprise linux server aus 7.2,
enterprise linux server aus 7.3,
enterprise linux server aus 7.4,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server eus 6.7,
enterprise linux server eus 7.2,
enterprise linux server tus 7.2,
enterprise linux server tus 7.3,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 5.0,
enterprise linux workstation 6.0,
enterprise linux workstation 7.0,
jdk 1.6.0,
jdk 1.7.0,
jdk 1.8.0,
jre 1.6.0,
jre 1.7.0,
jre 1.8.0,
jrockit r28.3.9,
leap 42.1,
linux 5,
linux 6,
linux 7,
linux enterprise desktop 12,
linux enterprise module for legacy 12,
linux enterprise server 10,
linux enterprise server 11,
linux enterprise server 12,
linux enterprise software development kit 11,
linux enterprise software development kit 12,
manager 2.1,
manager proxy 2.1,
oncommand balance -,
oncommand cloud manager -,
oncommand insight -,
oncommand performance manager -,
oncommand report -,
oncommand shift -,
oncommand unified manager -,
oncommand workflow automation -,
openstack cloud 5,
opensuse 13.1,
opensuse 13.2,
satellite 5.6,
satellite 5.7,
storagegrid,
ubuntu linux 12.04,
ubuntu linux 14.04,
ubuntu linux 15.10,
ubuntu linux 16.04,
vasa provider for clustered data ontap,
virtual storage console

Exploited in the Wild

Reported by:

mkienow-r7 indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2023/05/12/cisa-adds-seven-known-exploited-vulnerabilities-catalog)

Reported: May 13, 2023 1:25am UTC (1 year ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2023/05/12/cisa-adds-seven-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:28am UTC (1 month ago)

References

Canonical

CVE-2016-3427 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427)

BID-86421 (http://www.securityfocus.com/bid/86421)

Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html

http://rhn.redhat.com/errata/RHSA-2016-0677.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

http://rhn.redhat.com/errata/RHSA-2016-1039.html

http://rhn.redhat.com/errata/RHSA-2016-0701.html

USN-2972-1 (http://www.ubuntu.com/usn/USN-2972-1)

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

SECTRACK-1037331 (http://www.securitytracker.com/id/1037331)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

http://rhn.redhat.com/errata/RHSA-2016-0676.html

https://access.redhat.com/errata/RHSA-2016:1430

https://security.netapp.com/advisory/ntap-20160420-0001

http://rhn.redhat.com/errata/RHSA-2016-0708.html

http://rhn.redhat.com/errata/RHSA-2016-0723.html

http://rhn.redhat.com/errata/RHSA-2016-0651.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

https://kc.mcafee.com/corporate/index?page=content&id=SB10159

USN-2964-1 (http://www.ubuntu.com/usn/USN-2964-1)

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

GLSA-201606-18 (https://security.gentoo.org/glsa/201606-18)

http://rhn.redhat.com/errata/RHSA-2016-0716.html

SECTRACK-1035596 (http://www.securitytracker.com/id/1035596)

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html

USN-2963-1 (http://www.ubuntu.com/usn/USN-2963-1)

http://rhn.redhat.com/errata/RHSA-2016-0675.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

http://rhn.redhat.com/errata/RHSA-2016-0702.html

http://rhn.redhat.com/errata/RHSA-2016-0679.html

https://access.redhat.com/errata/RHSA-2017:1216

DSA-3558 (http://www.debian.org/security/2016/dsa-3558)

http://rhn.redhat.com/errata/RHSA-2016-0678.html

http://rhn.redhat.com/errata/RHSA-2016-0650.html

[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E)

[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX (https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258@%3Cuser.cassandra.apache.org%3E)

[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX (https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948@%3Cdev.cassandra.apache.org%3E)

[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX (http://www.openwall.com/lists/oss-security/2020/08/31/1)

Rapid7

Unknown

Unknown

Unknown

None

None

Network

CVE-2016-3427

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2016-3427

Unknown

Unknown

None

None

Network

CVE-2016-3427

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification