CVE-2017-10090

9 documents8 sources
Severity
9.6CRITICAL
EPSS
0.5%
top 34.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Netapp E-series Santricity OS ControllerNetapp Oncommand Unified ManagerOracle Corporation Java+14 more
Timeline
PublishedAug 8
Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may s

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages15 packages

CVEListV5oracle_corporation/java8u131; Java SE Embedded: 8u131, Java SE: 7u141+1
NVDoracle/jdk1.7.0, 1.8.0+1
NVDoracle/jre1.7.0, 1.8.0+1
Ubuntuopenjdk-7< 7u151-2.6.11-0ubuntu1.14.04.1
Ubuntuopenjdk-8< 8u131-b11-2ubuntu1.16.04.2

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-cxmw-m357-3ccf: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)2022-05-13
CVEList
CVE-2017-10090: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)2017-08-08
OSV
CVE-2017-10090: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)2017-07-20

📋Vendor Advisories

4
Ubuntu
OpenJDK 7 vulnerabilities2017-08-18
Ubuntu
OpenJDK 8 vulnerabilities2017-07-26
Red Hat
OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)2017-07-18
Debian
CVE-2017-10090: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc...2017

💬Community

1
Bugzilla
CVE-2017-10090 OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)2017-07-16
CVE-2017-10090 (CRITICAL CVSS 9.6) | Vulnerability in the Java SE | cvebase.io