CVE-2017-3231

CWE-200Information Exposure11 documents8 sources
Severity
4.3MEDIUM
EPSS
0.6%
top 30.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Oracle Java SEOracle Java SE EmbeddedOracle JDK+1 more
Timeline
PublishedJan 27
Latest updateMay 14

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthoriz

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages7 packages

CVEListV5oracle/java_se_embedded8u111
CVEListV5oracle/java_se6u131, 7u121, 8u112+2
NVDoracle/jdk1.6, 1.7, 1.8+2
NVDoracle/jre1.6, 1.7, 1.8+2
Ubuntuopenjdk-6< 6b41-1.13.13-0ubuntu0.14.04.1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-25f7-696r-m32w: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking)2022-05-14
CVEList
CVE-2017-3231: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking)2017-01-27
OSV
CVE-2017-3231: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking)2017-01-18

📋Vendor Advisories

5
Ubuntu
OpenJDK 6 vulnerabilities2017-02-16
Ubuntu
OpenJDK 7 vulnerabilities2017-02-09
Ubuntu
OpenJDK 8 vulnerabilities2017-01-25
Red Hat
OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)2017-01-17
Debian
CVE-2017-3231: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc...2017

💬Community

2
Bugzilla
CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function2017-06-19
Bugzilla
CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)2017-01-16