Lucene search

[email protected]NVD:CVE-2017-3544

HistoryApr 24, 2017 - 7:59 p.m.

CVE-2017-3544

2017-04-2419:59:04

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

4.2

Confidence

High

EPSS

0.002

Percentile

57.4%

JSON

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Affected configurations

Nvd

Node

oraclejdkMatch1.6.0update141

oraclejdkMatch1.7.0update131

oraclejdkMatch1.8.0update121

oraclejreMatch1.6.0update141

oraclejreMatch1.7.0update_131

oraclejreMatch1.8.0update_121

oraclejrockitMatchr28.3.13

Node

redhatsatelliteMatch5.8

debiandebian_linuxMatch8.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.3

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

redhaticedteaRange<3.4.0

Node

googleandroidMatch4.4.4

googleandroidMatch5.0.2

googleandroidMatch5.1.1

googleandroidMatch6.0

googleandroidMatch6.0.1

googleandroidMatch7.0

googleandroidMatch7.1.1

googleandroidMatch7.1.2

VendorProductVersionCPE
oraclejdk1.6.0cpe:2.3:a:oracle:jdk:1.6.0:update141:*:*:*:*:*:*
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*
oraclejre1.6.0cpe:2.3:a:oracle:jre:1.6.0:update141:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*
oraclejrockitr28.3.13cpe:2.3:a:oracle:jrockit:r28.3.13:*:*:*:*:*:*:*
redhatsatellite5.8cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	jdk	1.6.0	cpe:2.3:a:oracle:jdk:1.6.0:update141::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update131::::::
oracle	jdk	1.8.0	cpe:2.3:a:oracle:jdk:1.8.0:update121::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update141::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update_131::::::
oracle	jre	1.8.0	cpe:2.3:a:oracle:jre:1.8.0:update_121::::::
oracle	jrockit	r28.3.13	cpe:2.3:a:oracle:jrockit:r28.3.13:::::::*
redhat	satellite	5.8	cpe:2.3:a:redhat:satellite:5.8:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*