CVE-2017-10053 - OpenCVE

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	Steelstore Cloud Integrated Storage Storage Replication Adapter For Clustered Data Ontap Element Software Oncommand Unified Manager Active Iq Unified Manager Cloud Backup Oncommand Shift Oncommand Insight Snapmanager Oncommand Performance Manager Oncommand Balance Plug-in For Symantec Netbackup Virtual Storage Console E-series Santricity Os Controller Vasa Provider E-series Santricity Storage Manager
Oracle	Jdk Jrockit Jre
Redhat	Satellite Enterprise Linux Server Tus Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server Aus Enterprise Linux Server Enterprise Linux Eus
Debian	Debian Linux
Phoenixcontact	Fl Mguard Dm

Configuration 1 [-]

OR	cpe:2.3:a:oracle:jdk:1.6.0:update151::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update141::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update131::::::
	cpe:2.3:a:oracle:jre:1.6.0:update151::::::
	cpe:2.3:a:oracle:jre:1.7.0:update141::::::
	cpe:2.3:a:oracle:jre:1.8.0:update131::::::
	cpe:2.3:a:oracle:jrockit:r28.3.14:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:satellite:5.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*
	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
	cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::*
	cpe:2.3:a:netapp:element_software:-:::::::*
	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_performance_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*
	cpe:2.3:a:netapp:oncommand_unified_manager::::::vsphere::*
	cpe:2.3:a:netapp:oncommand_unified_manager::::::windows::*
	cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::
	cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::::*
	cpe:2.3:a:netapp:snapmanager:-:::::oracle::
	cpe:2.3:a:netapp:snapmanager:-:::::sap::
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
	cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap::::::windows::*
	cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:::::::*
	cpe:2.3:a:netapp:vasa_provider::::::clustered_data_ontap::*
	cpe:2.3:a:netapp:vasa_provider:6.0:::::clustered_data_ontap::
	cpe:2.3:a:netapp:virtual_storage_console::::::vsphere::*
	cpe:2.3:a:netapp:virtual_storage_console:6.0:::::vsphere::
	cpe:2.3:a:netapp:virtual_storage_console:6.2.2:::::vsphere::

Configuration 5 [-]

cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.debian.org/security/2017/dsa-3919	Third Party Advisory
http://www.debian.org/security/2017/dsa-3954	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/99842	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038931	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:1789	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1790	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1791	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1792	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2424	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2469	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2481	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2530	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453	Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2017-002	Third Party Advisory
https://security.gentoo.org/glsa/201709-22	Third Party Advisory
https://security.netapp.com/advisory/ntap-20170720-0001/	Third Party Advisory