Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2017-10309
HistoryOct 19, 2017 - 12:00 a.m.

CVE-2017-10309

2017-10-1900:00:00
ubuntu.com
ubuntu.com
20

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON

Vulnerability in the Java SE component of Oracle Java SE (subcomponent:
Deployment). Supported versions that are affected are Java SE: 8u144 and 9.
Easily exploitable vulnerability allows unauthenticated attacker with
network access via multiple protocols to compromise Java SE. Successful
attacks require human interaction from a person other than the attacker and
while the vulnerability is in Java SE, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of Java SE accessible
data as well as unauthorized read access to a subset of Java SE accessible
data and unauthorized ability to cause a partial denial of service (partial
DOS) of Java SE. Note: This vulnerability applies to Java deployments,
typically in clients running sandboxed Java Web Start applications or
sandboxed Java applets, that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. This
vulnerability does not apply to Java deployments, typically in servers,
that load and run only trusted code (e.g., code installed by an
administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and
Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

Notes

Author Note
sbeattie Deployment is not used in packaging

Related

zdt 1
srcincite 1
checkpoint_advisories 1
veracode 1
openvas 2
redhatcve 1
prion 1
packetstorm 1
exploitpack 1
ibm 18
cve 1
debiancve 1
exploitdb 1
nessus 12
redhat 4
gentoo 1
suse 1
aix 1
kaspersky 1
photon 1
oracle 1
zdt
zdt
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure Exploit
2017-10-31 00:00:00
srcincite
srcincite
SRC-2017-0028 : Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability
2017-06-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java SE XML External Entity Injection Information Disclosure (CVE-2017-10309)
2019-05-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:52
openvas
openvas
Oracle Java SE Security Updates (oct2017-3236626) 01 - Windows
2017-10-18 00:00:00
Oracle Java SE Security Updates (oct2017-3236626) 01 - Linux
2017-10-18 00:00:00
redhatcve
redhatcve
CVE-2017-10309
2017-10-17 21:21:30
prion
prion
Design/Logic Flaw
2017-10-19 17:29:00
packetstorm
packetstorm
Oracle Java SE Wv8u131 Information Disclosure
2017-11-02 00:00:00
exploitpack
exploitpack
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
2017-10-30 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Host On-Demand
2020-02-03 13:35:58
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Functional Tester (CVE-2017-10388, CVE-2017-10356)
2018-09-29 20:06:32
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation
2019-05-23 05:10:01
cve
cve
CVE-2017-10309
2017-10-19 17:29:00
debiancve
debiancve
CVE-2017-10309
2017-10-19 17:29:00
exploitdb
exploitdb
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
2017-10-30 00:00:00
nessus
nessus
Photon OS 1.0: Openjre PHSA-2017-0040
2019-02-07 00:00:00
Photon OS 1.0: Openjdk PHSA-2017-0040
2019-02-07 00:00:00
Photon OS 1.0: Bash / Glibc / Libgcrypt / Libtar / Openjdk / Openjre / Strongswan / Unzip PHSA-2017-0040 (deprecated)
2018-08-17 00:00:00
redhat
redhat
(RHSA-2017:3264) Critical: java-1.8.0-ibm security update
2017-11-27 17:52:25
(RHSA-2017:3267) Critical: java-1.8.0-ibm security update
2017-11-28 20:27:53
(RHSA-2017:2999) Critical: java-1.8.0-oracle security update
2017-10-23 07:33:24
gentoo
gentoo
Oracle JDK/JRE: Multiple vulnerabilities
2017-10-29 00:00:00
suse
suse
Security update for java-1_8_0-ibm (important)
2017-12-22 15:07:42
aix
aix
There are multiple vulnerabilities in IBM SDK Java Technology Edition
2017-12-07 12:20:05
kaspersky
kaspersky
KLA11122 Multiple vulnerabilities in Oracle Java SE, Java SE Embedded and JRockit
2017-10-17 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0080
2017-10-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON
Related for UB:CVE-2017-10309
zdt1srcincite1checkpoint_advisories1veracode1openvas2redhatcve1prion1packetstorm1exploitpack1ibm18cve1debiancve1exploitdb1nessus12redhat4gentoo1suse1aix1kaspersky1photon1oracle1