PT-2017-11332 · Oracle+5 · Jrockit+8

Published

2017-10-19

·

Updated

2024-06-15

·

CVE-2017-10355

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Java SE versions 6u161, 7u151, 8u144 and 9 Java SE Embedded version 8u144 JRockit version R28.3.15
Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit, resulting in a partial denial of service. This can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component.
Recommendations For Java SE versions 6u161, 7u151, 8u144 and 9, update to a version that contains the fix for this issue. For Java SE Embedded version 8u144, update to a version that contains the fix for this issue. For JRockit version R28.3.15, update to a version that contains the fix for this issue. As a temporary workaround, consider restricting access to the Networking component until a patch is available. Avoid using the vulnerable Type MLU Read function in cmstypes.c until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2017_2998
CESA-2017_3392
CVE-2017-10355
DLA-1187-1
DSA-4015-1
DSA-4048-1
MGASA-2017-0460
OPENSUSE-SU-2017_2998-1
OPENSUSE-SU-2018_0042-1
OPENSUSE-SU-2024:10876-1
RHSA-2017:2998
RHSA-2017:2999
RHSA-2017:3046
RHSA-2017:3047
RHSA-2017:3264
RHSA-2017:3267
RHSA-2017:3268
RHSA-2017:3392
RHSA-2017:3453
RHSA-2017_2998
RHSA-2017_2999
RHSA-2017_3046
RHSA-2017_3047
RHSA-2017_3264
RHSA-2017_3267
RHSA-2017_3268
RHSA-2017_3392
SUSE-SU-2017:2989-1
SUSE-SU-2017:3235-1
SUSE-SU-2017:3369-1
SUSE-SU-2017:3411-1
SUSE-SU-2017:3440-1
SUSE-SU-2017:3455-1
SUSE-SU-2018:0005-1
SUSE-SU-2018:0061-1
USN-3473-1
USN-3497-1

Affected Products

Centos
Ibm Aix
Jrockit
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu