CVE-2017-10347

MEDIUM

Description

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.securityfocus.com/bid/101382

http://www.securitytracker.com/id/1039596

https://access.redhat.com/errata/RHSA-2017:2998

https://access.redhat.com/errata/RHSA-2017:2999

https://access.redhat.com/errata/RHSA-2017:3046

https://access.redhat.com/errata/RHSA-2017:3047

https://access.redhat.com/errata/RHSA-2017:3264

https://access.redhat.com/errata/RHSA-2017:3267

https://access.redhat.com/errata/RHSA-2017:3268

https://access.redhat.com/errata/RHSA-2017:3392

https://access.redhat.com/errata/RHSA-2017:3453

https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html

https://security.gentoo.org/glsa/201710-31

https://security.gentoo.org/glsa/201711-14

https://security.netapp.com/advisory/ntap-20171019-0001/

https://www.debian.org/security/2017/dsa-4015

https://www.debian.org/security/2017/dsa-4048

Details

Source: MITRE

Published: 2017-10-19

Updated: 2018-02-04

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:jdk:1.6.0:update_161:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update_151:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update_144:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_161:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_151:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_144:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (44 total)

ID	Name	Product	Family	Severity
700655	Oracle Java SE 6 < Update 171 / 7 < Update 161 / 8 < Update 151 / 9 < Update 1 Multiple Vulnerabilities (October 2017 CPU)	Nessus Network Monitor	Web Clients	high
120008	SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:3235-1)	Nessus	SuSE Local Security Checks	high
105744	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:0061-1)	Nessus	SuSE Local Security Checks	high
105714	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)	Nessus	SuSE Local Security Checks	high
105538	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1)	Nessus	SuSE Local Security Checks	high
105506	SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:3455-1)	Nessus	SuSE Local Security Checks	high
105482	SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:3440-1)	Nessus	SuSE Local Security Checks	high
105462	SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:3411-1)	Nessus	SuSE Local Security Checks	high
105421	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-936)	Nessus	Amazon Linux Local Security Checks	medium
105388	SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:3369-1)	Nessus	SuSE Local Security Checks	high
105312	EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1331)	Nessus	Huawei Local Security Checks	medium
105311	EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2017-1330)	Nessus	Huawei Local Security Checks	medium
105267	RHEL 6 : Satellite Server (RHSA-2017:3453)	Nessus	Red Hat Local Security Checks	high
105086	Virtuozzo 7 : java-1.7.0-openjdk / etc (VZLSA-2017-3392)	Nessus	Virtuozzo Local Security Checks	medium
105071	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
105069	RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2017:3392)	Nessus	Red Hat Local Security Checks	medium
105068	Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2017-3392)	Nessus	Oracle Linux Local Security Checks	medium
105062	CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2017:3392)	Nessus	CentOS Local Security Checks	medium
104846	Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3497-1)	Nessus	Ubuntu Local Security Checks	medium
104840	RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:3268)	Nessus	Red Hat Local Security Checks	medium
104839	RHEL 6 : java-1.8.0-ibm (RHSA-2017:3267)	Nessus	Red Hat Local Security Checks	medium
104802	RHEL 7 : java-1.8.0-ibm (RHSA-2017:3264)	Nessus	Red Hat Local Security Checks	medium
104754	Debian DSA-4048-1 : openjdk-7 - security update	Nessus	Debian Local Security Checks	medium
104746	Debian DLA-1187-1 : openjdk-7 security update	Nessus	Debian Local Security Checks	medium
104695	GLSA-201711-14 : IcedTea: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
104582	Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2017-2998)	Nessus	Virtuozzo Local Security Checks	medium
104531	SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2989-1)	Nessus	SuSE Local Security Checks	high
104527	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-1269)	Nessus	SuSE Local Security Checks	high
104477	Ubuntu 16.04 LTS / 17.04 / 17.10 : openjdk-8 vulnerabilities (USN-3473-1)	Nessus	Ubuntu Local Security Checks	medium
104365	Debian DSA-4015-1 : openjdk-8 - security update	Nessus	Debian Local Security Checks	medium
104280	EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1255)	Nessus	Huawei Local Security Checks	medium
104279	EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1254)	Nessus	Huawei Local Security Checks	medium
104232	GLSA-201710-31 : Oracle JDK/JRE: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
104183	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-917)	Nessus	Amazon Linux Local Security Checks	medium
104140	RHEL 6 / 7 : java-1.6.0-sun (RHSA-2017:3047)	Nessus	Red Hat Local Security Checks	high
104139	RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:3046)	Nessus	Red Hat Local Security Checks	high
104116	RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:2999)	Nessus	Red Hat Local Security Checks	high
104093	Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
104092	RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:2998)	Nessus	Red Hat Local Security Checks	medium
104089	Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2017-2998)	Nessus	Oracle Linux Local Security Checks	medium
104054	CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2017:2998)	Nessus	CentOS Local Security Checks	medium
103964	Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)	Nessus	Misc.	high
103963	Oracle Java SE Multiple Vulnerabilities (October 2017 CPU)	Nessus	Windows	high
103932	Oracle JRockit R28.3.15 Multiple Vulnerabilities (October 2017 CPU)	Nessus	Windows	medium