Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-10345

Опубликовано: 17 окт. 2017
Источник: redhat
CVSS3: 3.1
EPSS Низкий

Описание

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6java-1.6.0-ibmWill not fix
Oracle Java for Red Hat Enterprise Linux 6java-1.8.0-oracleFixedRHSA-2017:299923.10.2017
Oracle Java for Red Hat Enterprise Linux 6java-1.7.0-oracleFixedRHSA-2017:304624.10.2017
Oracle Java for Red Hat Enterprise Linux 6java-1.6.0-sunFixedRHSA-2017:304724.10.2017
Oracle Java for Red Hat Enterprise Linux 7java-1.8.0-oracleFixedRHSA-2017:299923.10.2017
Oracle Java for Red Hat Enterprise Linux 7java-1.7.0-oracleFixedRHSA-2017:304624.10.2017
Oracle Java for Red Hat Enterprise Linux 7java-1.6.0-sunFixedRHSA-2017:304724.10.2017
Red Hat Enterprise Linux 6java-1.8.0-openjdkFixedRHSA-2017:299820.10.2017
Red Hat Enterprise Linux 6java-1.7.0-openjdkFixedRHSA-2017:339206.12.2017
Red Hat Enterprise Linux 6 Supplementaryjava-1.8.0-ibmFixedRHSA-2017:326728.11.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=1502858OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)

EPSS

Процентиль: 66%
0.00525
Низкий

3.1 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-10345

CVSS3: 3.1
ubuntu
почти 8 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts)....

nvd логотип

CVE-2017-10345

CVSS3: 3.1
nvd
почти 8 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CV

debian логотип

CVE-2017-10345

CVSS3: 3.1
debian
почти 8 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...

github логотип

GHSA-p7q9-c7hh-v46v

CVSS3: 3.1
github
больше 3 лет назад

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts)....

oracle-oval логотип

ELSA-2017-2998

oracle-oval
почти 8 лет назад

ELSA-2017-2998: java-1.8.0-openjdk security update (CRITICAL)

EPSS

Процентиль: 66%
0.00525
Низкий

3.1 Low

CVSS3