CVE-2017-10356

CWE-200 — Information Exposure CWE-327 — Broken Cryptographic Algorithm9 documents8 sources

Severity

6.2MEDIUM

EPSS

0.7%

top 28.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp E-series Santricity OS Controller Netapp Oncommand Unified Manager Oracle Corporation Java +14 more

Timeline

PublishedOct 19

Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized acc…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages15 packages

▶CVEListV5oracle_corporation/java4 versions+3

▶NVDoracle/jdk4 versions+3

▶NVDoracle/jre4 versions+3

▶Ubuntuopenjdk-7< 7u151-2.6.11-2ubuntu0.14.04.1

▶Ubuntuopenjdk-8< 8u151-b12-0ubuntu0.16.04.2

Also affects: Debian Linux 7.0, 8.0, 9.0, Enterprise Linux 7.4, 7.5, 7.6, 7.7

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-48hc-p2wv-prx2: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security)↗2022-05-13

▶

CVEList

CVE-2017-10356: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security)↗2017-10-19

▶

OSV

CVE-2017-10356: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security)↗2017-10-19

▶

📋Vendor Advisories

Ubuntu

OpenJDK 7 vulnerabilities↗2017-11-29

▶

Ubuntu

OpenJDK 8 vulnerabilities↗2017-11-08

▶

Red Hat

OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)↗2017-10-17

▶

Debian

CVE-2017-10356: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java...↗2017

▶

💬Community

Bugzilla

CVE-2017-10356 OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)↗2017-10-17

▶