Vulnerability CVE-2017-3544


Published: 2017-04-24

Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Redhat -> Icedtea 
Redhat -> Satellite 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server eus 
Redhat -> Enterprise linux server tus 
Redhat -> Enterprise linux workstation 
Oracle -> JRE 
Oracle -> JDK 
Oracle -> Jrockit 
Google -> Android 
Debian -> Debian linux 

 References:
http://www.debian.org/security/2017/dsa-3858
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
http://www.securityfocus.com/bid/97745
http://www.securitytracker.com/id/1038286
https://access.redhat.com/errata/RHSA-2017:1108
https://access.redhat.com/errata/RHSA-2017:1109
https://access.redhat.com/errata/RHSA-2017:1117
https://access.redhat.com/errata/RHSA-2017:1118
https://access.redhat.com/errata/RHSA-2017:1119
https://access.redhat.com/errata/RHSA-2017:1204
https://access.redhat.com/errata/RHSA-2017:1220
https://access.redhat.com/errata/RHSA-2017:1221
https://access.redhat.com/errata/RHSA-2017:1222
https://access.redhat.com/errata/RHSA-2017:3453
https://security.gentoo.org/glsa/201705-03
https://security.gentoo.org/glsa/201707-01
https://source.android.com/security/bulletin/2017-07-01

Copyright 2024, cxsecurity.com

 

Back to Top