CVE-2017-10349

🗓️ 19 Oct 2017 17:00:00Reported by oracleType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 235 Views

Vulnerability in Oracle Java SE (JAXP) allows unauthorized network access, leading to denial of service

Reporter	Title	Published	Views	Family All 213
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications	17 Jun 201812:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server	11 Jan 201916:25	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server	16 Jun 201814:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection	16 Jun 201822:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium	16 Jun 201822:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Metrics Manager 2018 Q1 Security Update: IBM Cognos Metrics Manager is affected by multiple vulnerabilities.	15 Jun 201823:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack	8 Aug 201804:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS	31 May 202203:16	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin	17 Jun 201805:26	–	ibm

NVD

Vulners

Node

oracle jdkMatch1.6.0update161

oracle jdkMatch1.7.0update151

oracle jdkMatch1.8.0update144

oracle jdkMatch1.9.0

oracle jreMatch1.6.0update161

oracle jreMatch1.7.0update151

oracle jreMatch1.8.0update144

oracle jreMatch1.9.0

Node

redhat satelliteMatch5.8

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_eusMatch7.4

redhat enterprise_linux_eusMatch7.5

redhat enterprise_linux_eusMatch7.6

redhat enterprise_linux_eusMatch7.7

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.4

redhat enterprise_linux_server_ausMatch7.6

redhat enterprise_linux_server_ausMatch7.7

redhat enterprise_linux_server_tusMatch7.4

redhat enterprise_linux_server_tusMatch7.6

redhat enterprise_linux_server_tusMatch7.7

redhat enterprise_linux_workstationMatch6.0

redhat enterprise_linux_workstationMatch7.0

Node

netapp active_iq_unified_managerRange7.3≥windows

netapp active_iq_unified_managerRange9.5≥vmware_vsphere

netapp cloud_backupMatch-

netapp e-series_santricity_management_plug-insMatch-vmware_vcenter

netapp e-series_santricity_os_controllerRange11.0–11.70.1

netapp e-series_santricity_storage_managerMatch-

netapp e-series_santricity_web_servicesMatch-web_services_proxy

netapp element_softwareMatch-

netapp oncommand_balanceMatch-

netapp oncommand_insightMatch-

netapp oncommand_performance_managerMatch-vmware_vsphere

netapp oncommand_shiftMatch-

netapp oncommand_unified_managerRange≤7.1vsphere

netapp oncommand_unified_managerRange≤7.1windows

netapp oncommand_unified_managerMatch-7-mode

netapp oncommand_workflow_automationMatch-

netapp plug-in_for_symantec_netbackupMatch-

netapp snapmanagerMatch-oracle

netapp snapmanagerMatch-sap

netapp steelstore_cloud_integrated_storageMatch-

netapp storage_replication_adapter_for_clustered_data_ontapRange7.2≥vmware_vsphere

netapp storage_replication_adapter_for_clustered_data_ontapRange7.2≥windows

netapp vasa_provider_for_clustered_data_ontapRange7.2≥

netapp vasa_provider_for_clustered_data_ontapMatch6.0

netapp virtual_storage_consoleRange7.2≥vmware_vsphere

netapp virtual_storage_consoleMatch6.0vmware_vsphere

Node

debian debian_linuxMatch7.0

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 6u161"
      },
      {
        "status": "affected",
        "version": "7u151"
      },
      {
        "status": "affected",
        "version": "8u144"
      },
      {
        "status": "affected",
        "version": "9; Java SE Embedded: 8u144"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2017:3047
debian	www.debian.org/security/2017/dsa-4015
security	www.security.netapp.com/advisory/ntap-20171019-0001/
access	www.access.redhat.com/errata/RHSA-2017:2999
access	www.access.redhat.com/errata/RHSA-2017:3268
access	www.access.redhat.com/errata/RHSA-2017:3264
lists	www.lists.debian.org/debian-lts-announce/2017/11/msg00033.html
security	www.security.gentoo.org/glsa/201710-31
access	www.access.redhat.com/errata/RHSA-2017:3453
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

13 May 2026 00:24Current

5.4Medium risk

Vulners AI Score5.4

CVSS 25

CVSS 3.15.3

EPSS0.00602

SSVC