### [CVE-2016-3427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

### POC

#### Reference
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/EphraimMayer/remote-method-guesser
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/QChiLan/jexboss
- https://github.com/bibortone/Jexboss
- https://github.com/c002/Java-Application-Exploits
- https://github.com/gyanaa/https-github.com-joaomatosf-jexboss
- https://github.com/joaomatosf/jexboss
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/milkdevil/jexboss
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/pierre-ernst/s11n-hackfest2016
- https://github.com/pmihsan/Jex-Boss
- https://github.com/qashqao/jexboss
- https://github.com/qtc-de/beanshooter
- https://github.com/qtc-de/remote-method-guesser
- https://github.com/r00t4dm/hackfest-2016
- https://github.com/syadg123/exboss