MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.101-2.6.6.1.AXS4 (AXSA:2016-214:03)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 OpenJDK package(s) affected by AXSA-2016-214:03 vulnerabilities.

Reporter	Title	Published	Views	Family All 467
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight	24 Feb 202007:27	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Content Manager Records Enabler (CVE-2016-3427)	17 Jun 201812:16	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway	16 Jun 201821:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1	24 Feb 202007:27	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-3427)	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)	15 Jun 201807:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack	8 Aug 201804:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS	31 May 202203:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker and IBM Integration Bus	23 Mar 202020:41	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server affecting IBM Tivoli Storage Manager FastBack Reporting (CVE-2016-3426, CVE-2016-3427)	17 Jun 201815:23	–	ibm

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/6601
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2016-214:03.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289253);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/17");

  script_cve_id(
    "CVE-2016-0686",
    "CVE-2016-0687",
    "CVE-2016-0695",
    "CVE-2016-3425",
    "CVE-2016-3427"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/06/02");

  script_name(english:"MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.101-2.6.6.1.AXS4 (AXSA:2016-214:03)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2016-214:03 advisory.

    The OpenJDK runtime environment.
    Security issues fixed with this release:
    CVE-2016-0686
    Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and
    Java SE Embedded 8u77 allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to
    Serialization.
    CVE-2016-0687
    Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and
    Java SE Embedded 8u77 allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to
    the Hotspot sub-component.
    CVE-2016-0695
    Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77;
    Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to
    affect confidentiality via vectors related to Security.
    CVE-2016-3425
    Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77;
    Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to
    affect availability via vectors related to JAXP.
    CVE-2016-3427
    Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77;
    Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to
    affect confidentiality, integrity, and availability via vectors
    related to JMX.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/6601");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1.7.0-openjdk and / or java-1.7.0-openjdk-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3427");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:java-1.7.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:java-1.7.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'java-1.7.0-openjdk-1.7.0.101-2.6.6.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.7.0-openjdk-1.7.0.101-2.6.6.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.7.0-openjdk-devel-1.7.0.101-2.6.6.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.7.0-openjdk / java-1.7.0-openjdk-devel');
}

17 Jan 2026 00:00Current

7High risk

Vulners AI Score7

CVSS 39.6

CVSS 210

CVSS 3.19.8

EPSS0.93287

SSVC