CVE-2017-3539

CWE-327Broken Cryptographic Algorithm9 documents8 sources
Severity
3.1LOW
EPSS
0.7%
top 27.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Redhat IcedteaOracle Corporation JavaDebian Debian Linux+9 more
Timeline
PublishedApr 24
Latest updateMay 13

Description

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthoriz

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages10 packages

CVEListV5oracle_corporation/java7u131, 8u121; Java SE Embedded: 8u121, Java SE: 6u141+2
NVDoracle/jdk1.6.0, 1.7.0, 1.8.0+2
NVDoracle/jre1.6.0, 1.7.0, 1.8.0+2
NVDredhat/icedtea< 3.4.0
Ubuntuopenjdk-7< 7u131-2.6.9-0ubuntu0.14.04.1

Also affects: Debian Linux 8.0, Enterprise Linux 7.3, 7.4, 7.6, 7.5

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-mmfj-2h5p-6f47: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security)2022-05-13
OSV
CVE-2017-3539: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security)2017-04-24
CVEList
CVE-2017-3539: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security)2017-04-24

📋Vendor Advisories

4
Ubuntu
OpenJDK 7 vulnerabilities2017-05-15
Ubuntu
OpenJDK 8 vulnerabilities2017-05-11
Red Hat
OpenJDK: MD5 allowed for jar verification (Security, 8171121)2017-04-18
Debian
CVE-2017-3539: openjdk-8 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc...2017

💬Community

1
Bugzilla
CVE-2017-3539 OpenJDK: MD5 allowed for jar verification (Security, 8171121)2017-04-18
CVE-2017-3539 (LOW CVSS 3.1) | Vulnerability in the Java SE | cvebase.io