[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2017-10285Date: (C)2017-10-27   (M)2024-03-22


Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.6CVSS Score : 6.8
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 6.0Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
BID-101319
SECTRACK-1039596
DSA-4015
DSA-4048
GLSA-201710-31
GLSA-201711-14
RHSA-2017:2998
RHSA-2017:2999
RHSA-2017:3046
RHSA-2017:3047
RHSA-2017:3264
RHSA-2017:3267
RHSA-2017:3268
RHSA-2017:3392
RHSA-2017:3453
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://security.netapp.com/advisory/ntap-20171019-0001/
https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK

OVAL    39
oval:org.secpod.oval:def:603149
oval:org.secpod.oval:def:1600820
oval:org.secpod.oval:def:1502041
oval:org.secpod.oval:def:204576
...

© SecPod Technologies