{ "id": "CVE-2017-10388", "sourceIdentifier": "secalert_us@oracle.com", "published": "2017-10-19T17:29:05.403", "lastModified": "2022-10-06T18:57:05.813", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por Kerberos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esto afecta al cliente de Kerberos de Java SE. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.6, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 5.1 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 4.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "versionStartIncluding": "7.3", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "versionStartIncluding": "9.5", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.0", "versionEndIncluding": "11.70.1", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "versionEndIncluding": "7.1", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "versionEndIncluding": "7.1", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "versionStartIncluding": "7.2", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "versionStartIncluding": "7.2", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.2", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "versionStartIncluding": "7.2", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252" } ] } ] } ], "references": [ { "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/101321", "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ] }, { "url": "http://www.securitytracker.com/id/1039596", "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:2998", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:2999", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:3046", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:3047", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:3264", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:3267", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:3268", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:3392", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://access.redhat.com/errata/RHSA-2017:3453", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html", "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/201710-31", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/201711-14", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20171019-0001/", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.debian.org/security/2017/dsa-4015", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.debian.org/security/2017/dsa-4048", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK", "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ] } ] }