Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P
Vendors Products
Netapp
  • Steelstore Cloud Integrated Storage
  • Storage Replication Adapter For Clustered Data Ontap
  • Element Software
  • Oncommand Unified Manager
  • E-series Santricity Web Services
  • Active Iq Unified Manager
  • E-series Santricity Management Plug-ins
  • Cloud Backup
  • Oncommand Shift
  • Oncommand Insight
  • Snapmanager
  • Oncommand Workflow Automation
  • Oncommand Performance Manager
  • Oncommand Balance
  • Plug-in For Symantec Netbackup
  • Virtual Storage Console
  • Vasa Provider For Clustered Data Ontap
  • E-series Santricity Os Controller
  • E-series Santricity Storage Manager
Oracle
  • Jdk
  • Jre
Redhat
  • Satellite
  • Enterprise Linux Server Tus
  • Enterprise Linux Desktop
  • Enterprise Linux Workstation
  • Enterprise Linux Server Aus
  • Enterprise Linux Server
  • Enterprise Linux Eus
Debian
  • Debian Linux

Configuration 1 [-]

OR cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References
Link Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch Vendor Advisory
http://www.securityfocus.com/bid/101321 Broken Link
http://www.securitytracker.com/id/1039596 Broken Link
https://access.redhat.com/errata/RHSA-2017:2998 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3392 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201710-31 Third Party Advisory
https://security.gentoo.org/glsa/201711-14 Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/ Third Party Advisory
https://www.debian.org/security/2017/dsa-4015 Third Party Advisory
https://www.debian.org/security/2017/dsa-4048 Third Party Advisory
https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: oracle

Published: 2017-10-19T17:00:00

Updated: 2018-02-02T10:57:01

Reserved: 2017-06-21T00:00:00

Link: CVE-2017-10388

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2017-10-19T17:29:05.403

Modified: 2022-10-06T18:57:05.813

Link: CVE-2017-10388

JSON object: View

cve-icon Redhat Information

No data.

CWE