[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

115228

 
 

909

 
 

90122

 
 

140

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-10102Date: (C)2017-08-09   (M)2018-10-28


Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.0CVSS Score : 6.8
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 6.0Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1038931
BID-99712
DSA-3919
DSA-3954
GLSA-201709-22
RHSA-2017:1789
RHSA-2017:1790
RHSA-2017:1791
RHSA-2017:1792
RHSA-2017:2424
RHSA-2017:2469
RHSA-2017:2481
RHSA-2017:2530
RHSA-2017:3453
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://cert.vde.com/en-us/advisories/vde-2017-002
https://security.netapp.com/advisory/ntap-20170720-0001/

CWE    1
CWE-284
OVAL    17
oval:org.secpod.oval:def:603027
oval:org.secpod.oval:def:603077
oval:org.secpod.oval:def:703732
oval:org.secpod.oval:def:703724
...

© SecPod Technologies