CVE-2016-3427

CRITICAL KEV

Oracle Jdk < 9.0.4 - Improper Access Control

Title source: rule

Description

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

References (60)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-0650.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-0651.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-0675.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-0676.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-0677.html

... and 40 more

Scores

CVSS v3 9.8

EPSS 0.9362

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2023-05-12

VulnCheck KEV 2023-05-12

InTheWild.io 2023-05-12

ENISA EUVD EUVD-2016-4453

Classification

CWE

CWE-284

Status draft

Affected Products (50)

oracle/jdk

oracle/jre

oracle/jrockit

oracle/linux

canonical/ubuntu_linux

debian/debian_linux

... and 35 more

Timeline

Published Apr 21, 2016

KEV Added May 12, 2023

Tracked Since Feb 18, 2026