PT-2017-15753 · Oracle+5 · Java Se Embedded+7

Published

2017-01-19

·

Updated

2024-06-15

·

CVE-2017-3289

CVSS v3.1

9.6

Critical

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Java SE versions 7u121 and 8u112 Java SE Embedded version 8u111
Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE and Java SE Embedded, requiring human interaction from a person other than the attacker. Successful attacks may significantly impact additional products and can result in the takeover of Java SE and Java SE Embedded. This issue applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.
Recommendations For Java SE version 7u121, update to a version that contains a fix for this issue. For Java SE version 8u112, update to a version that contains a fix for this issue. For Java SE Embedded version 8u111, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of untrusted code in Java deployments to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2017_0180
CESA-2017_0269
CVE-2017-3289
DLA-821-1
DSA-3782-1
MGASA-2017-0041
OPENSUSE-SU-2017_0374-1
OPENSUSE-SU-2017_0513-1
OPENSUSE-SU-2017_1429-1
OPENSUSE-SU-2024:10876-1
RHSA-2017:0175
RHSA-2017:0176
RHSA-2017:0180
RHSA-2017:0263
RHSA-2017:0269
RHSA-2017:0336
RHSA-2017:0337
RHSA-2017:1216
RHSA-2017_0175
RHSA-2017_0176
RHSA-2017_0180
RHSA-2017_0263
RHSA-2017_0269
RHSA-2017_0336
SUSE-SU-2017:0346-1
SUSE-SU-2017:0460-1
SUSE-SU-2017:0490-1
SUSE-SU-2017:1400-1
SUSE-SU-2017_1400-1
USN-3179-1
USN-3194-1
ZDI-17-057

Affected Products

Centos
Ibm Aix
Java Platform
Java Se
Java Se Embedded
Red Hat
Suse
Ubuntu