CVE-2017-10281

moderate-risk

Published 2017-10-19

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Do I need to act?

0.73% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Jdk

Jre

Jrockit

Debian Linux

Satellite

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Active Iq Unified Manager

Cloud Backup

Affected Vendors

Netapp Oracle Debian Redhat

References (36)

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Broken Link http://www.securityfocus.com/bid/101378

Broken Link http://www.securitytracker.com/id/1039596

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2998

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2999

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3046

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3047

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3264

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3267

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3268

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3392

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3453

Mailing List https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html

Third Party Advisory https://security.gentoo.org/glsa/201710-31

Third Party Advisory https://security.gentoo.org/glsa/201711-14

Third Party Advisory https://security.netapp.com/advisory/ntap-20171019-0001/

Third Party Advisory https://www.debian.org/security/2017/dsa-4015

Third Party Advisory https://www.debian.org/security/2017/dsa-4048

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Broken Link http://www.securityfocus.com/bid/101378

and 16 more references

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 2/34 · Minimal

Exposure 26/34 · High