Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-10355
HistoryOct 19, 2017 - 5:29 p.m.

CVE-2017-10355

2017-10-1917:29:04
[email protected]
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.0%

JSON

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected configurations

NVD
Node
oraclejdkMatch1.6.0update161
OR
oraclejdkMatch1.7.0update151
OR
oraclejdkMatch1.8.0update144
OR
oraclejdkMatch1.9.0
OR
oraclejreMatch1.6.0update161
OR
oraclejreMatch1.7.0update151
OR
oraclejreMatch1.8.0update144
OR
oraclejreMatch1.9.0
OR
oraclejrockitMatchr28.3.15
Node
redhatsatelliteMatch5.8
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch7.4
OR
redhatenterprise_linux_eusMatch7.5
OR
redhatenterprise_linux_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch7.4
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
Node
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netappcloud_backupMatch-
OR
netappe-series_santricity_management_plug-insMatch-vmware_vcenter
OR
netappe-series_santricity_os_controllerRange11.011.70.1
OR
netappe-series_santricity_storage_managerMatch-
OR
netappe-series_santricity_web_servicesMatch-web_services_proxy
OR
netappelement_softwareMatch-
OR
netapponcommand_balanceMatch-
OR
netapponcommand_insightMatch-
OR
netapponcommand_performance_managerMatch-vmware_vsphere
OR
netapponcommand_shiftMatch-
OR
netapponcommand_unified_managerRange7.1vsphere
OR
netapponcommand_unified_managerRange7.1windows
OR
netapponcommand_unified_managerMatch-7-mode
OR
netapponcommand_workflow_automationMatch-
OR
netappplug-in_for_symantec_netbackupMatch-
OR
netappsnapmanagerMatch-oracle
OR
netappsnapmanagerMatch-sap
OR
netappsteelstore_cloud_integrated_storageMatch-
OR
netappstorage_replication_adapter_for_clustered_data_ontapRange7.2vmware_vsphere
OR
netappstorage_replication_adapter_for_clustered_data_ontapRange7.2windows
OR
netappvasa_provider_for_clustered_data_ontapRange7.2
OR
netappvasa_provider_for_clustered_data_ontapMatch6.0
OR
netappvirtual_storage_consoleRange7.2vmware_vsphere
OR
netappvirtual_storage_consoleMatch6.0vmware_vsphere
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0

Related

cvelist 1
debiancve 1
prion 1
redhatcve 1
exploitpack 1
cve 1
ubuntucve 1
veracode 1
exploitdb 1
ibm 50
nessus 49
openvas 28
redhat 9
osv 3
suse 10
amazon 2
centos 2
ubuntu 2
mageia 1
debian 3
oraclelinux 2
gentoo 2
aix 1
kaspersky 1
photon 1
oracle 1
cvelist
cvelist
CVE-2017-10355
2017-10-19 17:00:00
debiancve
debiancve
CVE-2017-10355
2017-10-19 17:29:04
prion
prion
Code injection
2017-10-19 17:29:00
redhatcve
redhatcve
CVE-2017-10355
2020-10-05 05:26:13
exploitpack
exploitpack
Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service
2017-08-30 00:00:00
cve
cve
CVE-2017-10355
2017-10-19 17:29:04
ubuntucve
ubuntucve
CVE-2017-10355
2017-10-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:53
exploitdb
exploitdb
Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service
2017-08-30 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2017-10295, CVE-2017-10355)
2018-06-17 15:49:33
Security Bulletin: Vulnerabilities in IBM Java Runtime affects Rational Publishing Engine
2018-06-17 05:26:45
Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications
2018-06-16 20:13:25
nessus
nessus
Oracle JRockit R28.3.15 Multiple Vulnerabilities (October 2017 CPU)
2017-10-18 00:00:00
Debian DSA-4048-1 : openjdk-7 - security update
2017-11-27 00:00:00
EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1254)
2017-11-01 00:00:00
openvas
openvas
RedHat Update for java-1.8.0-openjdk RHSA-2017:2998-01
2017-10-21 00:00:00
Ubuntu: Security Advisory (USN-3473-1)
2017-11-09 00:00:00
Debian: Security Advisory (DSA-4015-1)
2017-11-01 00:00:00
redhat
redhat
(RHSA-2017:2998) Critical: java-1.8.0-openjdk security update
2017-10-20 10:13:17
(RHSA-2017:3268) Critical: java-1.7.1-ibm security update
2017-11-28 20:28:12
(RHSA-2017:3264) Critical: java-1.8.0-ibm security update
2017-11-27 17:52:25
osv
osv
openjdk-8 - security update
2017-11-02 00:00:00
openjdk-7 - security update
2017-11-23 00:00:00
openjdk-7 - security update
2017-11-23 00:00:00
suse
suse
Security update for java-1_6_0-ibm (important)
2017-12-07 21:12:27
Security update for java-1_7_0-ibm (important)
2018-01-10 12:10:02
Security update for java-1_7_1-ibm (important)
2017-12-27 15:12:43
amazon
amazon
Critical: java-1.8.0-openjdk
2017-10-26 19:46:00
Critical: java-1.7.0-openjdk
2017-12-20 19:02:00
centos
centos
java security update
2017-10-20 15:50:18
java security update
2017-12-06 15:21:38
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2017-11-08 00:00:00
OpenJDK 7 vulnerabilities
2017-11-29 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2017-12-21 21:18:18
debian
debian
[SECURITY] [DLA 1187-1] openjdk-7 security update
2017-11-23 17:31:43
[SECURITY] [DSA 4048-1] openjdk-7 security update
2017-11-23 22:11:38
[SECURITY] [DSA 4015-1] openjdk-8 security update
2017-11-02 21:44:03
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2017-10-20 00:00:00
java-1.7.0-openjdk security and bug fix update
2017-12-06 00:00:00
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2017-11-19 00:00:00
Oracle JDK/JRE: Multiple vulnerabilities
2017-10-29 00:00:00
aix
aix
There are multiple vulnerabilities in IBM SDK Java Technology Edition
2017-12-07 12:20:05
kaspersky
kaspersky
KLA11122 Multiple vulnerabilities in Oracle Java SE, Java SE Embedded and JRockit
2017-10-17 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0080
2017-10-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.0%

JSON
Related for NVD:CVE-2017-10355
cvelist1debiancve1prion1redhatcve1exploitpack1cve1ubuntucve1veracode1exploitdb1ibm50nessus49openvas28redhat9osv3suse10amazon2centos2ubuntu2mageia1debian3oraclelinux2gentoo2aix1kaspersky1photon1oracle1