PT-2017-1137 · Oracle · Java SE
Published 2017-01-19 · Updated 2018-01-05 · CVE-2017-3259
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Java SE versions 6u131, 7u121, and 8u112
Description
The vulnerability is in the Deployment subcomponent of the Java SE component. It allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, resulting in unauthorized read access to a subset of Java SE accessible data. The vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security. It does not apply to Java deployments that load and run only trusted code.
Recommendations
For Java SE version 6u131, update to a version that contains a fix for this issue.
For Java SE version 7u121, update to a version that contains a fix for this issue.
For Java SE version 8u112, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to untrusted code in sandboxed Java Web Start applications or sandboxed Java applets until a patch is available.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
IBM AIX
Java Platform
Java SE
Red Hat
SUSE