[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

115228

 
 

909

 
 

90132

 
 

140

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-10243Date: (C)2017-08-09   (M)2018-10-28


Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.5CVSS Score : 6.4
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 2.5Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: PARTIAL
Integrity: NONE 
Availability: LOW 
  
Reference:
SECTRACK-1038931
BID-99827
DSA-3954
GLSA-201709-22
RHSA-2017:1789
RHSA-2017:1790
RHSA-2017:1791
RHSA-2017:1792
RHSA-2017:2424
RHSA-2017:2469
RHSA-2017:2481
RHSA-2017:2530
RHSA-2017:3453
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://security.netapp.com/advisory/ntap-20170720-0001/

CWE    1
CWE-284
OVAL    10
oval:org.secpod.oval:def:603077
oval:org.secpod.oval:def:703732
oval:org.secpod.oval:def:703724
oval:org.secpod.oval:def:703768
...

© SecPod Technologies