CVE-2017-10388

MEDIUM

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.securityfocus.com/bid/101321

http://www.securitytracker.com/id/1039596

https://access.redhat.com/errata/RHSA-2017:2998

https://access.redhat.com/errata/RHSA-2017:2999

https://access.redhat.com/errata/RHSA-2017:3046

https://access.redhat.com/errata/RHSA-2017:3047

https://access.redhat.com/errata/RHSA-2017:3264

https://access.redhat.com/errata/RHSA-2017:3267

https://access.redhat.com/errata/RHSA-2017:3268

https://access.redhat.com/errata/RHSA-2017:3392

https://access.redhat.com/errata/RHSA-2017:3453

https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html

https://security.gentoo.org/glsa/201710-31

https://security.gentoo.org/glsa/201711-14

https://security.netapp.com/advisory/ntap-20171019-0001/

https://www.debian.org/security/2017/dsa-4015

https://www.debian.org/security/2017/dsa-4048

https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK

Details

Source: MITRE

Published: 2017-10-19

Updated: 2020-09-08

Risk Information

CVSS v2.0

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.6

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127362 | NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0119) | Nessus | NewStart CGSL Local Security Checks | medium |
| 127357 | NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0116) | Nessus | NewStart CGSL Local Security Checks | medium |
| 127144 | NewStart CGSL MAIN 5.04 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0003) | Nessus | NewStart CGSL Local Security Checks | medium |
| 700655 | Oracle Java SE 6 < Update 171 / 7 < Update 161 / 8 < Update 151 / 9 < Update 1 Multiple Vulnerabilities (October 2017 CPU) | Nessus Network Monitor | Web Clients | high |
| 121746 | Photon OS 1.0: Openjre PHSA-2017-0040 | Nessus | PhotonOS Local Security Checks | medium |
| 121745 | Photon OS 1.0: Openjdk PHSA-2017-0040 | Nessus | PhotonOS Local Security Checks | medium |
| 120008 | SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:3235-1) | Nessus | SuSE Local Security Checks | high |
| 111889 | Photon OS 1.0: Bash / Glibc / Libgcrypt / Libtar / Openjdk / Openjre / Strongswan / Unzip PHSA-2017-0040 (deprecated) | Nessus | PhotonOS Local Security Checks | medium |
| 105744 | SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:0061-1) | Nessus | SuSE Local Security Checks | high |
| 105714 | openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14) | Nessus | SuSE Local Security Checks | high |
| 105538 | SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1) | Nessus | SuSE Local Security Checks | high |
| 105506 | SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:3455-1) | Nessus | SuSE Local Security Checks | high |
| 105482 | SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:3440-1) | Nessus | SuSE Local Security Checks | high |
| 105462 | SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:3411-1) | Nessus | SuSE Local Security Checks | high |
| 105421 | Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-936) | Nessus | Amazon Linux Local Security Checks | medium |
| 105388 | SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:3369-1) | Nessus | SuSE Local Security Checks | high |
| 105267 | RHEL 6 : Satellite Server (RHSA-2017:3453) | Nessus | Red Hat Local Security Checks | high |
| 105086 | Virtuozzo 7 : java-1.7.0-openjdk / etc (VZLSA-2017-3392) | Nessus | Virtuozzo Local Security Checks | medium |
| 105071 | Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20171206) | Nessus | Scientific Linux Local Security Checks | medium |
| 105069 | RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2017:3392) | Nessus | Red Hat Local Security Checks | medium |
| 105068 | Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2017-3392) | Nessus | Oracle Linux Local Security Checks | medium |
| 105062 | CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2017:3392) | Nessus | CentOS Local Security Checks | medium |
| 104846 | Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3497-1) | Nessus | Ubuntu Local Security Checks | medium |
| 104840 | RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:3268) | Nessus | Red Hat Local Security Checks | medium |
| 104839 | RHEL 6 : java-1.8.0-ibm (RHSA-2017:3267) | Nessus | Red Hat Local Security Checks | medium |
| 104802 | RHEL 7 : java-1.8.0-ibm (RHSA-2017:3264) | Nessus | Red Hat Local Security Checks | medium |
| 104754 | Debian DSA-4048-1 : openjdk-7 - security update | Nessus | Debian Local Security Checks | medium |
| 104746 | Debian DLA-1187-1 : openjdk-7 security update | Nessus | Debian Local Security Checks | medium |
| 104695 | GLSA-201711-14 : IcedTea: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 104582 | Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2017-2998) | Nessus | Virtuozzo Local Security Checks | medium |
| 104531 | SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2989-1) | Nessus | SuSE Local Security Checks | high |
| 104527 | openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-1269) | Nessus | SuSE Local Security Checks | high |
| 104477 | Ubuntu 16.04 LTS / 17.04 / 17.10 : openjdk-8 vulnerabilities (USN-3473-1) | Nessus | Ubuntu Local Security Checks | medium |
| 104365 | Debian DSA-4015-1 : openjdk-8 - security update | Nessus | Debian Local Security Checks | medium |
| 104326 | EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1273) | Nessus | Huawei Local Security Checks | medium |
| 104325 | EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2017-1272) | Nessus | Huawei Local Security Checks | medium |
| 104280 | EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1255) | Nessus | Huawei Local Security Checks | medium |
| 104279 | EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1254) | Nessus | Huawei Local Security Checks | medium |
| 104232 | GLSA-201710-31 : Oracle JDK/JRE: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 104183 | Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-917) | Nessus | Amazon Linux Local Security Checks | medium |
| 104140 | RHEL 6 / 7 : java-1.6.0-sun (RHSA-2017:3047) | Nessus | Red Hat Local Security Checks | high |
| 104139 | RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:3046) | Nessus | Red Hat Local Security Checks | high |
| 104116 | RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:2999) | Nessus | Red Hat Local Security Checks | high |
| 104093 | Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20171020) | Nessus | Scientific Linux Local Security Checks | medium |
| 104092 | RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:2998) | Nessus | Red Hat Local Security Checks | medium |
| 104089 | Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2017-2998) | Nessus | Oracle Linux Local Security Checks | medium |
| 104054 | CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2017:2998) | Nessus | CentOS Local Security Checks | medium |
| 103964 | Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix) | Nessus | Misc. | high |
| 103963 | Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) | Nessus | Windows | high |