CVE-2017-10355

high-risk
Published 2017-10-19

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Do I need to act?

~
6.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
44057
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Jdk
Jre

Affected Vendors

Netapp Oracle Debian Redhat

References (36)

Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Broken Link http://www.securityfocus.com/bid/101369
Broken Link http://www.securitytracker.com/id/1039596
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2998
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2999
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3046
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3047
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3264
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3267
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3268
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3392
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3453
Mailing List https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Third Party Advisory https://security.gentoo.org/glsa/201710-31
Third Party Advisory https://security.gentoo.org/glsa/201711-14
Third Party Advisory https://security.netapp.com/advisory/ntap-20171019-0001/
Third Party Advisory https://www.debian.org/security/2017/dsa-4015
Third Party Advisory https://www.debian.org/security/2017/dsa-4048
Patch http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Broken Link http://www.securityfocus.com/bid/101369
and 16 more references
56
/ 100
high-risk
Severity 21/34 · High
Exploitability 9/34 · Low
Exposure 26/34 · High