CVE-2016-3427 - 漏洞详情

CVE-2016-3427 (CNNVD-201604-459)

CRITICAL

中文标题:

多款 Oracle 产品安全漏洞

英文标题:

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRocki...

CVSS分数: 9.8

发布时间: 2016-04-21 10:00:00

漏洞类型: 其他

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Oracle Java SE等都是美国甲骨文（Oracle）公司的产品。Oracle Java SE是一款用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。Oracle Java SE Embedded是一款针对嵌入式系统的、可移植的应用程序的Java平台。Oracle Jrockit是一款内置于Oracle融合中间件中的Java虚拟机。 Oracle Java SE、Java SE Embedded和JRockit中的JMX子组件存在安全漏洞。远程攻击者可利用该漏洞控制组件，影响数据的保密性，完整性及可用性。以下版本受到影响：Oracle Java SE 6u113版本，7u99版本，8u77版本，Java SE Embedded 8u77版本，Jrockit R28.3.9版本。

英文描述:

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

CWE类型:

CWE-284

受影响产品

厂商	产品	版本	版本范围	平台	CPE
oracle	jdk	1.6.0	-	-	`cpe:2.3:a:oracle:jdk:1.6.0:update113::::::`
oracle	jdk	1.7.0	-	-	`cpe:2.3:a:oracle:jdk:1.7.0:update99::::::`
oracle	jdk	1.8.0	-	-	`cpe:2.3:a:oracle:jdk:1.8.0:update77::::::`
oracle	jre	1.6.0	-	-	`cpe:2.3:a:oracle:jre:1.6.0:update113::::::`
oracle	jre	1.7.0	-	-	`cpe:2.3:a:oracle:jre:1.7.0:update99::::::`
oracle	jre	1.8.0	-	-	`cpe:2.3:a:oracle:jre:1.8.0:update77::::::`
oracle	jrockit	r28.3.9	-	-	`cpe:2.3:a:oracle:jrockit:r28.3.9:::::::*`
oracle	linux	5	-	-	`cpe:2.3:o:oracle:linux:5:-::::::`
oracle	linux	6	-	-	`cpe:2.3:o:oracle:linux:6:-::::::`
oracle	linux	7	-	-	`cpe:2.3:o:oracle:linux:7:-::::::`
canonical	ubuntu_linux	12.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::`
canonical	ubuntu_linux	14.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::`
canonical	ubuntu_linux	15.10	-	-	`cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*`
canonical	ubuntu_linux	16.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::`
debian	debian_linux	8.0	-	-	`cpe:2.3:o:debian:debian_linux:8.0:::::::*`
netapp	e-series_santricity_management_plug-ins	-	-	-	`cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:::::vmware_vcenter::`
netapp	e-series_santricity_storage_manager	-	-	-	`cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::*`
netapp	e-series_santricity_web_services	-	-	-	`cpe:2.3:a:netapp:e-series_santricity_web_services:-:::::web_services_proxy::`
netapp	oncommand_balance	-	-	-	`cpe:2.3:a:netapp:oncommand_balance:-:::::::*`
netapp	oncommand_cloud_manager	-	-	-	`cpe:2.3:a:netapp:oncommand_cloud_manager:-:::::::*`
netapp	oncommand_insight	-	-	-	`cpe:2.3:a:netapp:oncommand_insight:-:::::::*`
netapp	oncommand_performance_manager	-	-	-	`cpe:2.3:a:netapp:oncommand_performance_manager:-:::::::*`
netapp	oncommand_report	-	-	-	`cpe:2.3:a:netapp:oncommand_report:-:::::::*`
netapp	oncommand_shift	-	-	-	`cpe:2.3:a:netapp:oncommand_shift:-:::::::*`
netapp	oncommand_unified_manager	-	-	-	`cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::`
netapp	oncommand_workflow_automation	-	-	-	`cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*`
netapp	storagegrid	*	-	-	`cpe:2.3:a:netapp:storagegrid::::::::`
netapp	vasa_provider_for_clustered_data_ontap	*	-	-	`cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap::::::::`
netapp	virtual_storage_console	*	-	-	`cpe:2.3:a:netapp:virtual_storage_console::::::vmware_vsphere::*`
apache	cassandra	*	-	-	`cpe:2.3:a:apache:cassandra::::::::`
apache	cassandra	4.0.0	-	-	`cpe:2.3:a:apache:cassandra:4.0.0:beta1::::::`
redhat	satellite	5.6	-	-	`cpe:2.3:a:redhat:satellite:5.6:::::::*`
redhat	satellite	5.7	-	-	`cpe:2.3:a:redhat:satellite:5.7:::::::*`
redhat	enterprise_linux_desktop	5.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*`
redhat	enterprise_linux_desktop	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*`
redhat	enterprise_linux_desktop	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*`
redhat	enterprise_linux_eus	6.7	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*`
redhat	enterprise_linux_eus	7.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*`
redhat	enterprise_linux_eus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*`
redhat	enterprise_linux_eus	7.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*`
redhat	enterprise_linux_eus	7.5	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*`
redhat	enterprise_linux_eus	7.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*`
redhat	enterprise_linux_eus	7.7	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*`
redhat	enterprise_linux_server	5.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*`
redhat	enterprise_linux_server	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*`
redhat	enterprise_linux_server	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*`
redhat	enterprise_linux_server_aus	7.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*`
redhat	enterprise_linux_server_aus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*`
redhat	enterprise_linux_server_aus	7.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*`
redhat	enterprise_linux_server_aus	7.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*`
redhat	enterprise_linux_server_aus	7.7	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*`
redhat	enterprise_linux_server_eus	6.7	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:::::::*`
redhat	enterprise_linux_server_eus	7.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*`
redhat	enterprise_linux_server_tus	7.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*`
redhat	enterprise_linux_server_tus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*`
redhat	enterprise_linux_server_tus	7.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*`
redhat	enterprise_linux_server_tus	7.7	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*`
redhat	enterprise_linux_workstation	5.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*`
redhat	enterprise_linux_workstation	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*`
redhat	enterprise_linux_workstation	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*`
suse	linux_enterprise_module_for_legacy	12	-	-	`cpe:2.3:a:suse:linux_enterprise_module_for_legacy:12:::::::*`
suse	manager	2.1	-	-	`cpe:2.3:a:suse:manager:2.1:::::::*`
suse	manager_proxy	2.1	-	-	`cpe:2.3:a:suse:manager_proxy:2.1:::::::*`
suse	openstack_cloud	5	-	-	`cpe:2.3:a:suse:openstack_cloud:5:::::::*`
opensuse	leap	42.1	-	-	`cpe:2.3:o:opensuse:leap:42.1:::::::*`
opensuse	opensuse	13.1	-	-	`cpe:2.3:o:opensuse:opensuse:13.1:::::::*`
opensuse	opensuse	13.2	-	-	`cpe:2.3:o:opensuse:opensuse:13.2:::::::*`
suse	linux_enterprise_desktop	12	-	-	`cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::`
suse	linux_enterprise_server	10	-	-	`cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss:::*`
suse	linux_enterprise_server	11	-	-	`cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*`
suse	linux_enterprise_server	12	-	-	`cpe:2.3:o:suse:linux_enterprise_server:12:-::::::`
suse	linux_enterprise_software_development_kit	11	-	-	`cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::`
suse	linux_enterprise_software_development_kit	12	-	-	`cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

openSUSE-SU-2016:1222 vendor-advisory
cve.org

访问

RHSA-2016:0677 vendor-advisory
cve.org

访问

SUSE-SU-2016:1299 vendor-advisory
cve.org

访问

RHSA-2016:1039 vendor-advisory
cve.org

访问

RHSA-2016:0701 vendor-advisory
cve.org

访问

USN-2972-1 vendor-advisory
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

SUSE-SU-2016:1303 vendor-advisory
cve.org

访问

1037331 vdb-entry
cve.org

访问

SUSE-SU-2016:1475 vendor-advisory
cve.org

访问

openSUSE-SU-2016:1235 vendor-advisory
cve.org

访问

openSUSE-SU-2016:1262 vendor-advisory
cve.org

访问

SUSE-SU-2016:1300 vendor-advisory
cve.org

访问

RHSA-2016:0676 vendor-advisory
cve.org

访问

RHSA-2016:1430 vendor-advisory
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

RHSA-2016:0708 vendor-advisory
cve.org

访问

RHSA-2016:0723 vendor-advisory
cve.org

访问

RHSA-2016:0651 vendor-advisory
cve.org

访问

SUSE-SU-2016:1378 vendor-advisory
cve.org

访问

SUSE-SU-2016:1248 vendor-advisory
cve.org

访问

SUSE-SU-2016:1379 vendor-advisory
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

USN-2964-1 vendor-advisory
cve.org

访问

openSUSE-SU-2016:1230 vendor-advisory
cve.org

访问

SUSE-SU-2016:1458 vendor-advisory
cve.org

访问

GLSA-201606-18 vendor-advisory
cve.org

访问

RHSA-2016:0716 vendor-advisory
cve.org

访问

1035596 vdb-entry
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

openSUSE-SU-2016:1265 vendor-advisory
cve.org

访问

USN-2963-1 vendor-advisory
cve.org

访问

RHSA-2016:0675 vendor-advisory
cve.org

访问

SUSE-SU-2016:1250 vendor-advisory
cve.org

访问

SUSE-SU-2016:1388 vendor-advisory
cve.org

访问

RHSA-2016:0702 vendor-advisory
cve.org

访问

RHSA-2016:0679 vendor-advisory
cve.org

访问

RHSA-2017:1216 vendor-advisory
cve.org

访问

DSA-3558 vendor-advisory
cve.org

访问

RHSA-2016:0678 vendor-advisory
cve.org

访问

86421 vdb-entry
cve.org

访问

RHSA-2016:0650 vendor-advisory
cve.org

访问

[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ mailing-list
cve.org

访问

[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ mailing-list
cve.org

访问

[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ mailing-list
cve.org

访问

[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ mailing-list
cve.org

访问

[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ mailing-list
cve.org

访问

[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ mailing-list
cve.org

访问

[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ mailing-list
cve.org

访问

[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ mailing-list
cve.org

访问

[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ mailing-list
cve.org

访问

[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ mailing-list
cve.org

访问

[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ mailing-list
cve.org

访问

[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/ mailing-list
cve.org

访问

[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/ mailing-list
cve.org

访问

[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/ mailing-list
cve.org

访问

[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX mailing-list
cve.org

访问

[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX mailing-list
cve.org

访问

[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX mailing-list
cve.org

访问

134c704f-9b21-4f2e-91b3-4a467353bcc0 OTHER
nvd.nist.gov

访问

CVSS评分详情

3.1 (adp)

CRITICAL

9.8

CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

机密性

HIGH

完整性

HIGH

可用性

HIGH

时间信息

发布时间:

2016-04-21 10:00:00

修改时间:

2025-10-21 23:55:53

创建时间:

2025-11-11 15:34:18

更新时间:

2025-11-11 15:52:27

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2016-3427`	2025-11-11 15:19:07	2025-11-11 07:34:18
NVD	`nvd_CVE-2016-3427`	2025-11-11 14:55:06	2025-11-11 07:42:58
CNNVD	`cnnvd_CNNVD-201604-459`	2025-11-11 15:09:39	2025-11-11 07:52:27

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:52:27

vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-201604-459; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 其他
cnnvd_id: 未提取 -> CNNVD-201604-459
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:42:58

affected_products_count: 0 → 73; references_count: 59 → 60; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

affected_products_count: 0 -> 73
references_count: 59 -> 60
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2016-3427 (CNNVD-201604-459)

中文标题:

多款 Oracle 产品安全漏洞

英文标题:

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRocki...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

3.1 (adp)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史