CVE-2017-10388
19.10.2017, 17:29
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.8.0 |
| oracle | jdk | 1.9.0 |
| oracle | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jre | 1.8.0 |
| oracle | jre | 1.9.0 |
| redhat | satellite | 5.8 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| netapp | active_iq_unified_manager | 7.3 ≤ |
| netapp | active_iq_unified_manager | 9.5 ≤ |
| netapp | cloud_backup | - |
| netapp | e-series_santricity_management_plug-ins | - |
| netapp | e-series_santricity_os_controller | 11.0 ≤ 𝑥 ≤ 11.70.1 |
| netapp | e-series_santricity_storage_manager | - |
| netapp | e-series_santricity_web_services | - |
| netapp | element_software | - |
| netapp | oncommand_balance | - |
| netapp | oncommand_insight | - |
| netapp | oncommand_performance_manager | - |
| netapp | oncommand_shift | - |
| netapp | oncommand_unified_manager | 𝑥 ≤ 7.1 |
| netapp | oncommand_unified_manager | 𝑥 ≤ 7.1 |
| netapp | oncommand_unified_manager | - |
| netapp | oncommand_workflow_automation | - |
| netapp | plug-in_for_symantec_netbackup | - |
| netapp | snapmanager | - |
| netapp | snapmanager | - |
| netapp | steelstore_cloud_integrated_storage | - |
| netapp | storage_replication_adapter_for_clustered_data_ontap | 7.2 ≤ |
| netapp | storage_replication_adapter_for_clustered_data_ontap | 7.2 ≤ |
| netapp | vasa_provider_for_clustered_data_ontap | 7.2 ≤ |
| netapp | vasa_provider_for_clustered_data_ontap | 6.0 |
| netapp | virtual_storage_console | 7.2 ≤ |
| netapp | virtual_storage_console | 6.0 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| icedtea-web |
| ||||||||||||||||||||||||||||||
| openjdk-6 |
| ||||||||||||||||||||||||||||||
| openjdk-7 |
| ||||||||||||||||||||||||||||||
| openjdk-8 |
| ||||||||||||||||||||||||||||||
| openjdk-9 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| java-1_7_0-openjdk |
| ||||||||||||||||||||||||||||||||||||||||||||||
| java-1_7_0-openjdk-demo |
| ||||||||||||||||||||||||||||||||||||||||||||||
| java-1_7_0-openjdk-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||
| java-1_7_0-openjdk-headless |
| ||||||||||||||||||||||||||||||||||||||||||||||
| java-1_8_0-openjdk |
| ||||||||||||||||||||||||||||||||||||||||||||||
| java-1_8_0-openjdk-demo |
| ||||||||||||||||||||||||||||||||||||||||||||||
| java-1_8_0-openjdk-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||
| java-1_8_0-openjdk-headless |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| java-1.7.0-openjdk |
| ||||
| java-1.7.0-openjdk-accessibility |
| ||||
| java-1.7.0-openjdk-demo |
| ||||
| java-1.7.0-openjdk-devel |
| ||||
| java-1.7.0-openjdk-headless |
| ||||
| java-1.7.0-openjdk-javadoc |
| ||||
| java-1.7.0-openjdk-src |
| ||||
| java-1.7.1-ibm |
| ||||
| java-1.7.1-ibm-demo |
| ||||
| java-1.7.1-ibm-devel |
| ||||
| java-1.7.1-ibm-jdbc |
| ||||
| java-1.7.1-ibm-plugin |
| ||||
| java-1.7.1-ibm-src |
| ||||
| java-1.8.0-ibm |
| ||||
| java-1.8.0-ibm-demo |
| ||||
| java-1.8.0-ibm-devel |
| ||||
| java-1.8.0-ibm-jdbc |
| ||||
| java-1.8.0-ibm-plugin |
| ||||
| java-1.8.0-ibm-src |
| ||||
| java-1.8.0-openjdk |
| ||||
| java-1.8.0-openjdk-accessibility |
| ||||
| java-1.8.0-openjdk-accessibility-debug |
| ||||
| java-1.8.0-openjdk-debug |
| ||||
| java-1.8.0-openjdk-demo |
| ||||
| java-1.8.0-openjdk-demo-debug |
| ||||
| java-1.8.0-openjdk-devel |
| ||||
| java-1.8.0-openjdk-devel-debug |
| ||||
| java-1.8.0-openjdk-headless |
| ||||
| java-1.8.0-openjdk-headless-debug |
| ||||
| java-1.8.0-openjdk-javadoc |
| ||||
| java-1.8.0-openjdk-javadoc-debug |
| ||||
| java-1.8.0-openjdk-javadoc-zip |
| ||||
| java-1.8.0-openjdk-javadoc-zip-debug |
| ||||
| java-1.8.0-openjdk-src |
| ||||
| java-1.8.0-openjdk-src-debug |
|
References