PT-2017-11358 · Oracle+6 · Java Se Embedded+8

Publicado

2017-10-19

·

Atualizado

2024-06-15

·

CVE-2017-10388

CVSS v3.1

7.5

Alta

VetorAV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Java SE versions 6u161, 7u151, 8u144 and 9 Java SE Embedded version 8u144
Description The issue allows an unauthenticated attacker with network access via Kerberos to compromise Java SE and Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Java SE and Java SE Embedded. This affects the Java SE Kerberos client.
Recommendations For Java SE versions 6u161, 7u151, 8u144 and 9, update to a version that fixes this issue. For Java SE Embedded version 8u144, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the Kerberos client until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CESA-2017_2998
CESA-2017_3392
CVE-2017-10388
DLA-1187-1
DSA-4015-1
DSA-4048-1
MGASA-2017-0460
OPENSUSE-SU-2017_2998-1
OPENSUSE-SU-2018_0042-1
OPENSUSE-SU-2024:10876-1
RHSA-2017:2998
RHSA-2017:2999
RHSA-2017:3046
RHSA-2017:3047
RHSA-2017:3264
RHSA-2017:3267
RHSA-2017:3268
RHSA-2017:3392
RHSA-2017:3453
RHSA-2017_2998
RHSA-2017_2999
RHSA-2017_3046
RHSA-2017_3047
RHSA-2017_3264
RHSA-2017_3267
RHSA-2017_3268
RHSA-2017_3392
SUSE-SU-2017:2989-1
SUSE-SU-2017:3235-1
SUSE-SU-2017:3369-1
SUSE-SU-2017:3411-1
SUSE-SU-2017:3440-1
SUSE-SU-2017:3455-1
SUSE-SU-2018:0005-1
SUSE-SU-2018:0061-1
USN-3473-1
USN-3497-1

Produtos afetados

Centos
Ibm Aix
Java Platform
Java Se
Java Se Embedded
Kerberos
Red Hat
Suse
Ubuntu