Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P
Vendors Products
Oracle
  • Jre
  • Jrockit
  • Jdk

Configuration 1 [-]

OR cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*
cpe:2.3:a:oracle:jrockit:r28.3.12:*:*:*:*:*:*:*
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2017-0175.html
http://rhn.redhat.com/errata/RHSA-2017-0176.html
http://rhn.redhat.com/errata/RHSA-2017-0177.html
http://rhn.redhat.com/errata/RHSA-2017-0180.html
http://rhn.redhat.com/errata/RHSA-2017-0263.html
http://rhn.redhat.com/errata/RHSA-2017-0269.html
http://rhn.redhat.com/errata/RHSA-2017-0336.html
http://rhn.redhat.com/errata/RHSA-2017-0337.html
http://rhn.redhat.com/errata/RHSA-2017-0338.html
http://www.debian.org/security/2017/dsa-3782
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html Patch Vendor Advisory
http://www.securityfocus.com/bid/95488
http://www.securitytracker.com/id/1037637
https://access.redhat.com/errata/RHSA-2017:1216
https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/
https://security.gentoo.org/glsa/201701-65
https://security.gentoo.org/glsa/201707-01
https://security.netapp.com/advisory/ntap-20170119-0001/
https://www.exploit-db.com/exploits/41145/
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: oracle

Published: 2017-01-27T22:01:00

Updated: 2018-12-10T17:57:01

Reserved: 2016-12-06T00:00:00

Link: CVE-2017-3241

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2017-01-27T22:59:02.333

Modified: 2018-12-10T19:29:20.907

Link: CVE-2017-3241

JSON object: View

cve-icon Redhat Information

No data.

CWE