CVE-2016-3427

Name: CVE-2016-3427
Creator: NVD / NIST
Published: 2016-04-21T11:00:21.667+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10Actively ExploitedEPSS 92.33%

Last modified Jun 17, 2026

CVE-2016-3427 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.. CISA has confirmed active exploitation in the wild. EPSS estimates a 92.33% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

92.33%

99.8th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jun 2, 2023.

Weakness Enumeration

CWE-284

Affected Software

Vendor	Product	Versions	Update
Oracle	Jdk	1.6.0	Update113
Oracle	Jdk	1.7.0	Update99
Oracle	Jdk	1.8.0	Update77
Oracle	Jre	1.6.0	Update113
Oracle	Jre	1.7.0	Update99
Oracle	Jre	1.8.0	Update77
Oracle	Jrockit	r28.3.9	—
Oracle	Linux	5	—
Oracle	Linux	6	—
Oracle	Linux	7	—
Canonical	Ubuntu Linux	12.04	—
Canonical	Ubuntu Linux	14.04	—
Canonical	Ubuntu Linux	15.10	—
Canonical	Ubuntu Linux	16.04	—
Debian	Debian Linux	8.0	—
Netapp	E-Series Santricity Management Plug-Ins	All versions	—
Netapp	E-Series Santricity Storage Manager	All versions	—
Netapp	E-Series Santricity Web Services	All versions	—
Netapp	Oncommand Balance	All versions	—
Netapp	Oncommand Cloud Manager	All versions	—
Netapp	Oncommand Insight	All versions	—
Netapp	Oncommand Performance Manager	All versions	—
Netapp	Oncommand Report	All versions	—
Netapp	Oncommand Shift	All versions	—
Netapp	Oncommand Unified Manager	All versions	—
Netapp	Oncommand Workflow Automation	All versions	—
Netapp	Storagegrid	<= 9.0.4	—
Netapp	Vasa Provider For Clustered Data Ontap	>= 7.2	—
Netapp	Virtual Storage Console	>= 7.2	—
Apache	Cassandra	>= 2.1.0, < 2.1.22	—
Apache	Cassandra	>= 2.2.0, < 2.2.18	—
Apache	Cassandra	>= 3.0.0, < 3.0.22	—
Apache	Cassandra	>= 3.11.0, < 3.11.8	—
Apache	Cassandra	4.0.0	Beta1
Redhat	Satellite	5.6	—
Redhat	Satellite	5.7	—
Redhat	Enterprise Linux Desktop	5.0	—
Redhat	Enterprise Linux Desktop	6.0	—
Redhat	Enterprise Linux Desktop	7.0	—
Redhat	Enterprise Linux Eus	6.7	—
Redhat	Enterprise Linux Eus	7.2	—
Redhat	Enterprise Linux Eus	7.3	—
Redhat	Enterprise Linux Eus	7.4	—
Redhat	Enterprise Linux Eus	7.5	—
Redhat	Enterprise Linux Eus	7.6	—
Redhat	Enterprise Linux Eus	7.7	—
Redhat	Enterprise Linux Server	5.0	—
Redhat	Enterprise Linux Server	6.0	—
Redhat	Enterprise Linux Server	7.0	—
Redhat	Enterprise Linux Server Aus	7.2	—

Showing 50 of 76 affected configurations. See NVD for the full list.

References

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0650.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0651.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0675.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0676.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0677.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0678.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0679.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0701.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0702.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0708.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0716.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0723.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1039.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3558Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/08/31/1Mailing List
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlPatch, Third Party Advisory
http://www.securityfocus.com/bid/86421Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1035596Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037331Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2963-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2964-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2972-1Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1430Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1216Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10159Broken Link
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3EMailing List, Third Party Advisory
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3EMailing List, Third Party Advisory
https://security.gentoo.org/glsa/201606-18Third Party Advisory
https://security.netapp.com/advisory/ntap-20160420-0001/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0650.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0651.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0675.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0676.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0677.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0678.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0679.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0701.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0702.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0708.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0716.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0723.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1039.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3558Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/08/31/1Mailing List
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlPatch, Third Party Advisory
http://www.securityfocus.com/bid/86421Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1035596Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037331Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2963-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2964-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2972-1Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1430Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1216Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10159Broken Link
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3EMailing List, Third Party Advisory
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3EMailing List, Third Party Advisory
https://security.gentoo.org/glsa/201606-18Third Party Advisory
https://security.netapp.com/advisory/ntap-20160420-0001/Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3427US Government Resource

Timeline

Published: Apr 21, 2016
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2016-3427?

How severe is CVE-2016-3427?

CVE-2016-3427 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 92.33% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2016-3427?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-3427?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST