CVE-2017-3533

LOW

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

http://www.debian.org/security/2017/dsa-3858

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/97740

http://www.securitytracker.com/id/1038286

https://access.redhat.com/errata/RHSA-2017:1108

https://access.redhat.com/errata/RHSA-2017:1109

https://access.redhat.com/errata/RHSA-2017:1117

https://access.redhat.com/errata/RHSA-2017:1118

https://access.redhat.com/errata/RHSA-2017:1119

https://access.redhat.com/errata/RHSA-2017:1204

https://access.redhat.com/errata/RHSA-2017:1220

https://access.redhat.com/errata/RHSA-2017:1221

https://access.redhat.com/errata/RHSA-2017:1222

https://access.redhat.com/errata/RHSA-2017:3453

https://security.gentoo.org/glsa/201705-03

https://security.gentoo.org/glsa/201707-01

Details

Source: MITRE

Published: 2017-04-24

Updated: 2020-09-08

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 2.2

Severity: LOW

Tenable Plugins

ID | Name | Product | Family | Severity
127348 | NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111) | Nessus | NewStart CGSL Local Security Checks | critical
127336 | NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0105) | Nessus | NewStart CGSL Local Security Checks | low
119998 | SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1389-1) | Nessus | SuSE Local Security Checks | critical
105267 | RHEL 6 : Satellite Server (RHSA-2017:3453) | Nessus | Red Hat Local Security Checks | critical
103189 | AIX Java Advisory : java_apr2017_advisory.asc (April 2017 CPU) | Nessus | AIX Local Security Checks | high
101462 | Virtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2017-1204) | Nessus | Virtuozzo Local Security Checks | medium
101459 | Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2017-1109) | Nessus | Virtuozzo Local Security Checks | medium
101458 | Virtuozzo 7 : java-1.8.0-openjdk / etc (VZLSA-2017-1108) | Nessus | Virtuozzo Local Security Checks | medium
101248 | GLSA-201707-01 : IcedTea: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
100707 | openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-662) | Nessus | SuSE Local Security Checks | high
100692 | EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2017-1099) | Nessus | Huawei Local Security Checks | medium
100691 | EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2017-1098) | Nessus | Huawei Local Security Checks | medium
100636 | Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-835) | Nessus | Amazon Linux Local Security Checks | high
100541 | SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:1445-1) | Nessus | SuSE Local Security Checks | high
100540 | SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1444-1) | Nessus | SuSE Local Security Checks | critical
100503 | openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-629) | Nessus | SuSE Local Security Checks | critical
100474 | Debian DLA-954-1 : openjdk-7 security update | Nessus | Debian Local Security Checks | high
100409 | SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2017:1400-1) | Nessus | SuSE Local Security Checks | critical
100378 | SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1387-1) | Nessus | SuSE Local Security Checks | critical
100377 | SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:1386-1) | Nessus | SuSE Local Security Checks | critical
100376 | SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1385-1) | Nessus | SuSE Local Security Checks | critical
100375 | SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2017:1384-1) | Nessus | SuSE Local Security Checks | critical
100305 | Debian DSA-3858-1 : openjdk-7 - security update | Nessus | Debian Local Security Checks | high
100293 | Ubuntu 14.04 LTS : openjdk-7 regression (USN-3275-3) | Nessus | Ubuntu Local Security Checks | high
100216 | Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3275-2) | Nessus | Ubuntu Local Security Checks | high
100154 | Ubuntu 16.04 LTS / 16.10 / 17.04 : openjdk-8 vulnerabilities (USN-3275-1) | Nessus | Ubuntu Local Security Checks | high
100119 | RHEL 6 : java-1.6.0-ibm (RHSA-2017:1222) | Nessus | Red Hat Local Security Checks | critical
100118 | RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:1221) | Nessus | Red Hat Local Security Checks | critical
100117 | RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:1220) | Nessus | Red Hat Local Security Checks | critical
100105 | Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-827) | Nessus | Amazon Linux Local Security Checks | high
700090 | Oracle Java SE 6 < Update 151 / 7 < Update 141 / 8 < Update 131 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
100096 | Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170509) | Nessus | Scientific Linux Local Security Checks | high
100091 | RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2017:1204) | Nessus | Red Hat Local Security Checks | high
100087 | Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2017-1204) | Nessus | Oracle Linux Local Security Checks | high
100067 | CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2017:1204) | Nessus | CentOS Local Security Checks | high
100017 | GLSA-201705-03 : Oracle JDK/JRE: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
99940 | EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1074) | Nessus | Huawei Local Security Checks | medium
99939 | EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1073) | Nessus | Huawei Local Security Checks | medium
99652 | RHEL 6 / 7 : java-1.6.0-sun (RHSA-2017:1119) | Nessus | Red Hat Local Security Checks | medium
99651 | RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:1118) | Nessus | Red Hat Local Security Checks | high
99650 | RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:1117) | Nessus | Red Hat Local Security Checks | high
99622 | Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20170421) | Nessus | Scientific Linux Local Security Checks | high
99621 | Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20170421) | Nessus | Scientific Linux Local Security Checks | high
99589 | Oracle Java SE Multiple Vulnerabilities (April 2017 CPU) (Unix) | Nessus | Misc. | high
99588 | Oracle Java SE Multiple Vulnerabilities (April 2017 CPU) | Nessus | Windows | high
99574 | RHEL 6 : java-1.8.0-openjdk (RHSA-2017:1109) | Nessus | Red Hat Local Security Checks | high
99573 | RHEL 7 : java-1.8.0-openjdk (RHSA-2017:1108) | Nessus | Red Hat Local Security Checks | high
99567 | Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2017-1109) | Nessus | Oracle Linux Local Security Checks | high
99566 | Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2017-1108) | Nessus | Oracle Linux Local Security Checks | high
99541 | CentOS 6 : java-1.8.0-openjdk (CESA-2017:1109) | Nessus | CentOS Local Security Checks | high
99540 | CentOS 7 : java-1.8.0-openjdk (CESA-2017:1108) | Nessus | CentOS Local Security Checks | high
99521 | Oracle JRockit R28.3.13 Multiple Vulnerabilities (April 2017 CPU) | Nessus | Windows | low