CVE-2017-10355

🗓️ 19 Oct 2017 17:00:00Reported by oracleType

cve🔗 web.nvd.nist.gov👁 289 Views🌐 WEB

Vulnerability in Oracle Java SE, Java SE Embedded, JRockit component (CVE-2017-10355

Reporter	Title	Published	Views	Family All 223
IBM Security Bulletins	Security Bulletin: Vulnerabilities in IBM Java Runtime Affect IBM Tealeaf Customer Experience	23 Jun 201803:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server	11 Jan 201916:25	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server	16 Jun 201814:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection	16 Jun 201822:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium	16 Jun 201822:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Metrics Manager 2018 Q1 Security Update: IBM Cognos Metrics Manager is affected by multiple vulnerabilities.	15 Jun 201823:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack	8 Aug 201804:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS	31 May 202203:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM API Connect	29 Jun 201817:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java JRE, 8.0-1.1 affect IBM Netezza Platform Software clients.	7 Dec 202008:05	–	ibm

NVD

Vulners

Node

oracle jdkMatch1.6.0update161

oracle jdkMatch1.7.0update151

oracle jdkMatch1.8.0update144

oracle jdkMatch1.9.0

oracle jreMatch1.6.0update161

oracle jreMatch1.7.0update151

oracle jreMatch1.8.0update144

oracle jreMatch1.9.0

oracle jrockitMatchr28.3.15

Node

redhat satelliteMatch5.8

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_eusMatch7.4

redhat enterprise_linux_eusMatch7.5

redhat enterprise_linux_eusMatch7.6

redhat enterprise_linux_eusMatch7.7

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.4

redhat enterprise_linux_server_ausMatch7.6

redhat enterprise_linux_server_ausMatch7.7

redhat enterprise_linux_server_tusMatch7.4

redhat enterprise_linux_server_tusMatch7.6

redhat enterprise_linux_server_tusMatch7.7

redhat enterprise_linux_workstationMatch6.0

redhat enterprise_linux_workstationMatch7.0

Node

netapp active_iq_unified_managerRange7.3≥windows

netapp active_iq_unified_managerRange9.5≥vmware_vsphere

netapp cloud_backupMatch-

netapp e-series_santricity_management_plug-insMatch-vmware_vcenter

netapp e-series_santricity_os_controllerRange11.0–11.70.1

netapp e-series_santricity_storage_managerMatch-

netapp e-series_santricity_web_servicesMatch-web_services_proxy

netapp element_softwareMatch-

netapp oncommand_balanceMatch-

netapp oncommand_insightMatch-

netapp oncommand_performance_managerMatch-vmware_vsphere

netapp oncommand_shiftMatch-

netapp oncommand_unified_managerRange≤7.1vsphere

netapp oncommand_unified_managerRange≤7.1windows

netapp oncommand_unified_managerMatch-7-mode

netapp oncommand_workflow_automationMatch-

netapp plug-in_for_symantec_netbackupMatch-

netapp snapmanagerMatch-oracle

netapp snapmanagerMatch-sap

netapp steelstore_cloud_integrated_storageMatch-

netapp storage_replication_adapter_for_clustered_data_ontapRange7.2≥vmware_vsphere

netapp storage_replication_adapter_for_clustered_data_ontapRange7.2≥windows

netapp vasa_provider_for_clustered_data_ontapRange7.2≥

netapp vasa_provider_for_clustered_data_ontapMatch6.0

netapp virtual_storage_consoleRange7.2≥vmware_vsphere

netapp virtual_storage_consoleMatch6.0vmware_vsphere

Node

debian debian_linuxMatch7.0

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

[
  {
    "product": "Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Java SE: 6u161"
      },
      {
        "status": "affected",
        "version": "7u151"
      },
      {
        "status": "affected",
        "version": "8u144"
      },
      {
        "status": "affected",
        "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2017:3047
securityfocus	www.securityfocus.com/bid/101369
debian	www.debian.org/security/2017/dsa-4015
security	www.security.netapp.com/advisory/ntap-20171019-0001/
access	www.access.redhat.com/errata/RHSA-2017:2999
access	www.access.redhat.com/errata/RHSA-2017:3268
access	www.access.redhat.com/errata/RHSA-2017:3264
lists	www.lists.debian.org/debian-lts-announce/2017/11/msg00033.html
security	www.security.gentoo.org/glsa/201710-31
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Parameter	Position	Path	Description
test.xml	nested	ftp://maliciousftp:2121/test.xml	FTP URL resource fetched by InputStream to trigger DoS.
schema	nested	ftp://maliciousftp:2121/schema	FTP URL used to load XML Schema via SchemaFactory, enabling DoS.
test?wsdl	nested	ftp://maliciousftp:2121/test?wsdl	FTP URL used in javax.xml.ws.Service to obtain a service, enabling DoS.
test	nested	ftp://maliciousftp:2121/test	FTP URL used with JAXBContext / Unmarshaller leading to DoS.
duke.jar	nested	ftp://maliciousftp:2121/duke.jar	FTP URL used in JarURLConnection example to trigger DoS via manifest access.

13 May 2026 00:24Current

5.3Medium risk

Vulners AI Score5.3

CVSS 25

CVSS 3.15.3

EPSS0.06365

SSVC