Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3241

CWE-20 — Improper Input Validation CWE-502 — Deserialization of Untrusted Data11 documents9 sources

Severity

9.0CRITICAL

EPSS

76.8%

top 1.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Java SE Oracle Java SE Embedded Oracle Jrockit +2 more

Timeline

PublishedJan 27

Latest updateMay 14

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional product…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages9 packages

▶CVEListV5oracle/java_se_embedded8u111

▶CVEListV5oracle/java_se6u131, 7u121, 8u112+2

▶CVEListV5oracle/jrockitR28.3.12

▶NVDoracle/jrockitr28.3.12

▶NVDoracle/jdk1.6, 1.7, 1.8+2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-j64j-5jrj-hggj: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI)↗2022-05-14

▶

CVEList

CVE-2017-3241: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI)↗2017-01-27

▶

OSV

CVE-2017-3241: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI)↗2017-01-18

▶

💥Exploits & PoCs

Exploit-DB

Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service↗2017-01-23

▶

📋Vendor Advisories

Ubuntu

OpenJDK 6 vulnerabilities↗2017-02-16

▶

Ubuntu

OpenJDK 7 vulnerabilities↗2017-02-09

▶

Ubuntu

OpenJDK 8 vulnerabilities↗2017-01-25

▶

Red Hat

OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)↗2017-01-17

▶

Debian

CVE-2017-3241: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java...↗2017

▶

💬Community

Bugzilla

CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)↗2017-01-17

▶