CVE-2017-3260

7 documents7 sources

Severity

8.3HIGH

EPSS

1.9%

top 16.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Java SE Oracle JDK Oracle JRE

Timeline

PublishedJan 27

Latest updateMay 17

Description

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability c…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.6 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5oracle/java_se7u121, 8u112+1

▶NVDoracle/jdk1.7, 1.8+1

▶NVDoracle/jre1.7, 1.8+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-484p-qmqf-9w2v: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT)↗2022-05-17

▶

OSV

firefox regression↗2017-05-11

▶

CVEList

CVE-2017-3260: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT)↗2017-01-27

▶

📋Vendor Advisories

Red Hat

OpenJDK: menu handling memory corruption (AWT, 8164143)↗2017-01-17

▶

Debian

CVE-2017-3260: openjdk-8 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Su...↗2017

▶

💬Community

Bugzilla

CVE-2017-3260 OpenJDK: menu handling memory corruption (AWT, 8164143)↗2017-01-18

▶