CVE-2017-3252Improper Input Validation in Oracle JDK

CWE-20Improper Input Validation10 documents8 sources
Severity
5.8MEDIUMNVD
EPSS
0.4%
top 40.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle JDKOracle JREOracle Jrockit
Timeline
PublishedJan 27
Latest updateMay 14

Description

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:NExploitability: 1.3 | Impact: 4.0

Affected Packages3 packages

NVDoracle/jrockitr28.3.12
NVDoracle/jdk1.6, 1.7, 1.8+2
NVDoracle/jre1.6, 1.7, 1.8+2

🔴Vulnerability Details

3
GHSA
GHSA-942v-9xcr-5cqh: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS)2022-05-14
CVEList
CVE-2017-3252: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS)2017-01-27
OSV
CVE-2017-3252: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS)2017-01-19

📋Vendor Advisories

5
Ubuntu
OpenJDK 6 vulnerabilities2017-02-16
Ubuntu
OpenJDK 7 vulnerabilities2017-02-09
Ubuntu
OpenJDK 8 vulnerabilities2017-01-25
Red Hat
OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)2017-01-17
Debian
CVE-2017-3252: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java...2017

💬Community

1
Bugzilla
CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)2017-01-17
CVE-2017-3252 — Improper Input Validation in Oracle JDK | cvebase