CVE-2016-3427
published 2016-04-21CVE-2016-3427: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2023-06-02
Exploited in the wild
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Affected
115 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | cassandra | — | — |
| apache | cassandra | >= 2.1.0 < 2.1.22 | 2.1.22 |
| apache | cassandra | >= 2.2.0 < 2.2.18 | 2.2.18 |
| apache | cassandra | >= 3.0.0 < 3.0.22 | 3.0.22 |
| apache | cassandra | >= 3.11.0 < 3.11.8 | 3.11.8 |
| apache | tomcat | < 6.0.48 | 6.0.48 |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | >= 7.0.0 < 7.0.73 | 7.0.73 |
| apache | tomcat | >= 8.0 < 8.0.39 | 8.0.39 |
| apache | tomcat | >= 8.5.0 < 8.5.7 | 8.5.7 |
| apache_software_foundation | apache_tomcat | — | — |
| apache_software_foundation | apache_tomcat | — | — |
| apache_software_foundation | apache_tomcat | — | — |
| apache_software_foundation | apache_tomcat | — | — |
| apache_software_foundation | apache_tomcat | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | openjdk-8 | < openjdk-8 8u91-b14-1 (sid) | openjdk-8 8u91-b14-1 (sid) |
| debian | tomcat9 | — | — |
| netapp | storagegrid | <= 9.0.4 | — |
| netapp | vasa_provider_for_clustered_data_ontap | >= 7.2 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa9.8CRITICAL
osv9.8CRITICAL
vulncheck9.8CRITICAL
cisa9.8CRITICAL