CVE-2017-10067

12 documents8 sources
Severity
7.5HIGH
EPSS
0.9%
top 24.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Netapp E-series Santricity OS ControllerNetapp Oncommand Unified ManagerOracle Corporation Java+14 more
Timeline
PublishedAug 8
Latest updateMay 13

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deploymen

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages15 packages

CVEListV5oracle_corporation/java7u141, 8u131, Java SE: 6u151+2
NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2
Ubuntuopenjdk-7< 7u151-2.6.11-0ubuntu1.14.04.1
Ubuntuopenjdk-8< 8u131-b11-2ubuntu1.16.04.2

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

6
GHSA
GHSA-fp98-qh89-292g: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security)2022-05-13
OSV
openjdk-7 vulnerabilities2017-08-18
CVEList
CVE-2017-10067: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security)2017-08-08
OSV
openjdk-8 regression2017-07-31
OSV
openjdk-8 vulnerabilities2017-07-26

📋Vendor Advisories

4
Ubuntu
OpenJDK 7 vulnerabilities2017-08-18
Ubuntu
OpenJDK 8 vulnerabilities2017-07-26
Red Hat
OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)2017-07-18
Debian
CVE-2017-10067: openjdk-8 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security...2017

💬Community

1
Bugzilla
CVE-2017-10067 OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)2017-07-16
CVE-2017-10067 (HIGH CVSS 7.5) | Vulnerability in the Java SE compon | cvebase.io