[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2017-3261Date: (C)2017-01-31   (M)2024-04-19


Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 4.3CVSS Score : 4.3
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
SECTRACK-1037637
BID-95566
DSA-3782
GLSA-201701-65
GLSA-201707-01
RHSA-2017:0175
RHSA-2017:0176
RHSA-2017:0177
RHSA-2017:0180
RHSA-2017:0263
RHSA-2017:0269
RHSA-2017:0336
RHSA-2017:0337
RHSA-2017:0338
RHSA-2017:1216
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
https://security.netapp.com/advisory/ntap-20170119-0001/

OVAL    31
oval:org.secpod.oval:def:505409
oval:org.secpod.oval:def:204084
oval:org.secpod.oval:def:204083
oval:org.secpod.oval:def:204107
...

© SecPod Technologies