CVE-2017-10281 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: S

CVE-2017-10281

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

Vulnerable Configurations

cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa
id RHSA-2017:2998
rhsa
id RHSA-2017:2999
rhsa
id RHSA-2017:3046
rhsa
id RHSA-2017:3047
rhsa
id RHSA-2017:3264
rhsa
id RHSA-2017:3267
rhsa
id RHSA-2017:3268
rhsa
id RHSA-2017:3392
rhsa
id RHSA-2017:3453

rpms

java-1.8.0-openjdk-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-accessibility-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-accessibility-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-debuginfo-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-debuginfo-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-demo-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-demo-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-demo-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-demo-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-devel-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-devel-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-devel-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-devel-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-headless-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-headless-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-headless-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-headless-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-javadoc-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-javadoc-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-javadoc-zip-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-src-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-src-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-src-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-src-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7
java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7
java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7
java-1.8.0-ibm-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-demo-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-jdbc-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-plugin-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-src-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-demo-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-jdbc-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-plugin-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-src-1:1.8.0.5.5-1jpp.1.el6_9
java-1.7.1-ibm-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-demo-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-demo-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-devel-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-devel-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-jdbc-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-jdbc-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-plugin-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-plugin-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-src-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-src-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.0-openjdk-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-accessibility-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-debuginfo-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-debuginfo-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-demo-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-demo-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-devel-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-devel-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-headless-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-javadoc-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-javadoc-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-src-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-src-1:1.7.0.161-2.6.12.0.el7_4
java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9

refmap via4

bid	101378
confirm	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://security.netapp.com/advisory/ntap-20171019-0001/
debian	DSA-4015 DSA-4048
gentoo	GLSA-201710-31 GLSA-201711-14
mlist	[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update
sectrack	1039596

Last major update

13-05-2022 - 14:57

Published

19-10-2017 - 17:29

Last modified

13-05-2022 - 14:57