CVE-2017-10125MEDIUM
Description
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
References
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/99809
http://www.securitytracker.com/id/1038931
Details
Source: MITRE
Published: 2017-08-08
Updated: 2020-09-08
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 4.4
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.4
Severity: MEDIUM
CVSS v3.0
Base Score: 7.1
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6
Exploitability Score: 0.5
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 121719 | Photon OS 1.0: Openjre PHSA-2017-0026 | Nessus | PhotonOS Local Security Checks | high |
| 121718 | Photon OS 1.0: Openjdk PHSA-2017-0026 | Nessus | PhotonOS Local Security Checks | high |
| 111875 | Photon OS 1.0: Openjdk / Openjre / Pycrypto / Python3 PHSA-2017-0026 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 105714 | openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14) | Nessus | SuSE Local Security Checks | high |
| 105538 | SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1) | Nessus | SuSE Local Security Checks | high |
| 103450 | GLSA-201709-22 : Oracle JDK/JRE, IcedTea: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 103191 | AIX Java Advisory : java_july2017_advisory.asc (July 2017 CPU) | Nessus | AIX Local Security Checks | high |
| 102837 | SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:2281-1) | Nessus | SuSE Local Security Checks | medium |
| 102836 | SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:2280-1) | Nessus | SuSE Local Security Checks | medium |
| 102801 | SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:2263-1) | Nessus | SuSE Local Security Checks | medium |
| 102621 | openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-954) | Nessus | SuSE Local Security Checks | medium |
| 102541 | SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2175-1) | Nessus | SuSE Local Security Checks | medium |
| 700165 | Oracle Java SE 6 < Update 161 / 7 < Update 151 / 8 < Update 141 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 101844 | Oracle Java SE Multiple Vulnerabilities (July 2017 CPU) (Unix) | Nessus | Misc. | medium |
| 101843 | Oracle Java SE Multiple Vulnerabilities (July 2017 CPU) | Nessus | Windows | medium |