CVE-2017-3289

9 documents8 sources

Severity

9.6CRITICAL

EPSS

1.1%

top 21.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Java SE Oracle Java SE Embedded Oracle JDK +1 more

Timeline

PublishedJan 27

Latest updateMay 14

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may sig…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages6 packages

▶CVEListV5oracle/java_se_embedded8u111

▶CVEListV5oracle/java_se7u121, 8u112+1

▶NVDoracle/jdk1.7, 1.8+1

▶NVDoracle/jre1.7, 1.8+1

▶Ubuntuopenjdk-7< 7u121-2.6.8-1ubuntu0.14.04.3

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-9wpw-6vg5-7w9g: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot)↗2022-05-14

▶

CVEList

CVE-2017-3289: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot)↗2017-01-27

▶

OSV

CVE-2017-3289: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot)↗2017-01-19

▶

📋Vendor Advisories

Ubuntu

OpenJDK 7 vulnerabilities↗2017-02-09

▶

Ubuntu

OpenJDK 8 vulnerabilities↗2017-01-25

▶

Red Hat

OpenJDK: insecure class construction (Hotspot, 8167104)↗2017-01-17

▶

Debian

CVE-2017-3289: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc...↗2017

▶

💬Community

Bugzilla

CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)↗2017-01-16

▶