Download
| Alert*
CVE-2017-10388 -- openjdk-6-jdk, openjdk-9-jdk
Jeffrey Altman discovered that the Kerberos client implementation in OpenJDK incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.
|